You need to configure a Cloud Interconnect connection between your on-premises data center and a Google Cloud VPC network. You must ensure that on-premises applications can access Google APIs exclusively through the Cloud Interconnect, not via the public internet. Only APIs supported by VPC Service Controls can be used to mitigate data exfiltration risks. How should you configure the network?

Exam-Like

Enable Private Google Access on the regional subnets and global dynamic routing mode.

Set up a Private Service Connect endpoint IP address with the API bundle of "all-apis", which is advertised as a route over the Cloud interconnect connection.

Use private.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the connection.

Use restricted googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.

Google Professional Cloud Security Engineer

Get started today

Comments