Answer-first summary for fast verification
Answer: Upload the required installation files to Cloud Storage. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gsutil.
The correct answer is A because it leverages Private Google Access, which allows VMs with only internal IP addresses to access Google APIs and services like Cloud Storage without requiring public internet access. This aligns with the security constraint of no public internet access. Option B is incorrect because Cloud Storage does not have a specific IP address range that can be used in firewall rules; it's accessed via domain names, and firewall rules based on IP ranges would not work effectively. Options C and D are unsuitable because Cloud Source Repositories is designed for source code management, not for storing installation files, and using it for this purpose is not a best practice. The community discussion strongly supports A, with 82% of votes and numerous comments explaining that Private Google Access is the proper mechanism for this scenario, while highlighting the flaws in other options.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are operating in a highly secured environment that prohibits public Internet access from Compute Engine VMs. A VPN connection to an on-premises file server is not yet available. How should you install specific software on a Compute Engine instance under these constraints?
A
Upload the required installation files to Cloud Storage. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gsutil.
B
Upload the required installation files to Cloud Storage and use firewall rules to block all traffic except the IP address range for Cloud Storage. Download the files to the VM using gsutil.
C
Upload the required installation files to Cloud Source Repositories. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gcloud.
D
Upload the required installation files to Cloud Source Repositories and use firewall rules to block all traffic except the IP address range for Cloud Source Repositories. Download the files to the VM using gsutil.