
Answer-first summary for fast verification
Answer: Use restricted.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.
The question requires configuring on-premises applications to access Google APIs exclusively through Cloud Interconnect while restricting access to only VPC Service Controls-supported APIs to mitigate data exfiltration risks. Option D (restricted.googleapis.com) is correct because it uses IP addresses routable only within Google Cloud, advertised over Cloud Interconnect, and specifically limits access to APIs supported by VPC Service Controls, as confirmed by the community discussion and Google documentation. Option A is incorrect as Private Google Access applies to VMs, not on-premises systems. Option B (all-apis bundle) is unsuitable as it includes non-VPC-SC-supported APIs, violating the requirement. Option C (private.googleapis.com) is also incorrect as it allows access to APIs beyond VPC Service Controls support, increasing exfiltration risk.
Author: LeetQuiz Editorial Team
You need to configure a Cloud Interconnect connection between your on-premises data center and a Google Cloud VPC network. You must ensure that on-premises applications can access Google APIs exclusively through the Cloud Interconnect, not via the public internet. Only APIs supported by VPC Service Controls can be used to mitigate data exfiltration risks. How should you configure the network?
A. Enable Private Google Access on the regional subnets and global dynamic routing mode.
B. Set up a Private Service Connect endpoint IP address with the API bundle of "all-apis", which is advertised as a route over the Cloud Interconnect connection.
C. Use private.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the connection.
D. Use restricted.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.
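One way to check from the on-premises side that API hostnames resolve only to the restricted VIP, as the answer explanation requires; this is an added example, not part of the original question or of any Google tooling. It assumes the documented IPv4 ranges 199.36.153.4/30 (restricted.googleapis.com) and 199.36.153.8/30 (private.googleapis.com); the names `classify` and `audit` are hypothetical and the DNS answers are constructed sample data.

```python
import ipaddress

# Documented IPv4 VIP ranges for the two special domains (assumed, not from the page).
RESTRICTED_VIP = ipaddress.ip_network("199.36.153.4/30")  # restricted.googleapis.com
PRIVATE_VIP = ipaddress.ip_network("199.36.153.8/30")     # private.googleapis.com


def classify(ip: str) -> str:
    """Return which access path a resolved API address implies."""
    addr = ipaddress.ip_address(ip)
    if addr in RESTRICTED_VIP:
        return "restricted"
    if addr in PRIVATE_VIP:
        return "private"
    return "public"


def audit(dns_answers: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map each non-compliant hostname to the reasons it fails.

    A hostname passes only if it has at least one answer and every
    answer falls inside the restricted VIP range.
    """
    findings = {}
    for host, ips in sorted(dns_answers.items()):
        problems = []
        if not ips:
            problems.append("no A records returned")
        for ip in ips:
            kind = classify(ip)
            if kind != "restricted":
                problems.append(f"{ip} is a {kind} address")
        if problems:
            findings[host] = problems
    return findings


# Constructed resolver output as seen from an on-premises host.
# 198.51.100.0/24 is a documentation range standing in for a public address.
SAMPLE_ANSWERS = {
    "storage.googleapis.com": ["199.36.153.4", "199.36.153.7"],
    "bigquery.googleapis.com": ["199.36.153.10"],
    "pubsub.googleapis.com": ["198.51.100.20"],
    "logging.googleapis.com": ["199.36.153.5", "198.51.100.21"],
}

if __name__ == "__main__":
    for host, problems in audit(SAMPLE_ANSWERS).items():
        print(f"{host}: " + "; ".join(problems))
```

A clean result only shows that DNS points at the restricted VIP; whether 199.36.153.4/30 is actually advertised over the Cloud Interconnect connection still has to be confirmed in the on-premises routing table.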