Topic 1 Question 142
Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?
A. Create the instance without a public IP address.
B. Create the instance with Private Google Access enabled.
C. Create a deny-all egress firewall rule on the VPC network.
D. Create a route on the VPC to route all traffic to the instance over the VPN tunnel.
Explanation
Get private access to Google services, such as storage, big data, analytics, or machine learning, without having to give your service a public IP address. Reference: https://cloud.google.com/vpc
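To check the condition the question asks for across existing instances, the following added example (not part of the original page) flags every instance whose network interfaces carry an external access config. The sample data is constructed and shaped like the output of `gcloud compute instances list --format=json`; the instance names, network name and addresses are assumptions.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json` output.
SAMPLE = json.loads("""
[
  {"name": "app-internal", "networkInterfaces": [
      {"network": "global/networks/corp-vpc", "networkIP": "10.10.0.5"}]},
  {"name": "legacy-web", "networkInterfaces": [
      {"network": "global/networks/corp-vpc", "networkIP": "10.10.0.6",
       "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT",
                          "natIP": "203.0.113.10"}]}]},
  {"name": "stopped-batch", "networkInterfaces": [
      {"network": "global/networks/corp-vpc", "networkIP": "10.10.0.7",
       "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT"}]}]},
  {"name": "dual-stack", "networkInterfaces": [
      {"network": "global/networks/corp-vpc", "networkIP": "10.10.0.8",
       "ipv6AccessConfigs": [{"type": "DIRECT_IPV6",
                              "externalIpv6": "2001:db8::8"}]}]}
]
""")


def external_exposure(instance):
    """Return (nic_index, kind, address) for every external address slot."""
    findings = []
    for idx, nic in enumerate(instance.get("networkInterfaces", [])):
        for cfg in nic.get("accessConfigs", []):
            # An access config with no natIP (for example an ephemeral address
            # on a stopped VM) still means an external IPv4 is configured.
            findings.append((idx, "ipv4", cfg.get("natIP", "unassigned")))
        for cfg in nic.get("ipv6AccessConfigs", []):
            findings.append((idx, "ipv6", cfg.get("externalIpv6", "unassigned")))
    return findings


def audit(instances):
    """Map instance name -> findings, only for instances with an external address slot."""
    report = {}
    for inst in instances:
        found = external_exposure(inst)
        if found:
            report[inst["name"]] = found
    return report


if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        for idx, kind, addr in found:
            print(f"{name}: nic{idx} has external {kind} address ({addr})")
```

An instance that never appears in the report has only internal addresses, which is the state answer A describes.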
Comments (17)
A for sure
B - this allows internal communication, but does nothing to limit public traffic
C - deny all is nice, but it's for egress -- we're looking for ingress
D - this is way too invasive and doesn't explicitly address the issue of preventing public internet traffic from reaching your instance -- if it does, someone let me know how.
👍 29 [Removed] 2020/09/09

A: answer looks right
👍 12 MohammedGhouse 2020/08/12

The question is about ingress traffic from Internet
A - If the VM does not have public IP it is not routable from Internet. Correct answer
B - it is about how to access Google Services API. It does not tell about ingress Internet traffic
C - It is about egress traffic
D - It could be but we do not know anything about Internet ingress traffic to on prem. What's more default route tells about egress traffic to Internet. Nothing how Internet can access Compute instance.
Correct answer is A.
👍 5 lxs 2021/10/26