Topic 1 Question 202
You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company’s security policies only allow the use of internal IP addresses on VM instances and do not let VM instances connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?
A. Enable Private Service Access on the Cloud Storage Bucket.
B. Add storage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list of protected projects.
C. Enable Private Google Access on the subnet within the custom VPC.
D. Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.
Comments (6)
- Selected answer: C
Private Google Access lets you connect VM instances to GCP services without external IP addresses and only internal. A is wrong because even though Private Services Access lets you also access GCP and other services through internal IPs, it also allows the VMs to have external IPs. https://cloud.google.com/vpc/docs/private-google-access
👍 4 juliorevk 2023/08/03
- Selected answer: C
Cloud Storage is not a supported service for Private Service Access. Hence, A cannot be the answer. https://cloud.google.com/vpc/docs/private-services-access#private-services-supported-services
VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. They can reach the external IP addresses of Google APIs and services. If you disable Private Google Access, the VM instances can no longer reach Google APIs and services; they can only send traffic within the VPC network. https://cloud.google.com/vpc/docs/private-google-access
👍 4 scanner2 2023/09/03
- Selected answer: C
Right answer.
👍 3 georgesouzafarias 2023/06/23
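The following is an added example, not part of the question or of any comment above: a small audit for the scenario in the question, run over constructed data shaped like `gcloud ... list --format=json` output. It flags VMs that have an external IP and internal-only VMs whose subnet has Private Google Access turned off; the project, subnet and VM names are placeholders.

```python
# Constructed sample data shaped like the parsed JSON from
#   gcloud compute networks subnets list --format=json
#   gcloud compute instances list --format=json
# Project, subnet and VM names are placeholders, not from the question.
PREFIX = ("https://www.googleapis.com/compute/v1/projects/example-project"
          "/regions/us-central1/subnetworks/")
SUBNETS = [
    {"name": "app-subnet", "selfLink": PREFIX + "app-subnet",
     "privateIpGoogleAccess": False},
    {"name": "data-subnet", "selfLink": PREFIX + "data-subnet",
     "privateIpGoogleAccess": True},
]
INSTANCES = [
    {"name": "app-vm-1", "networkInterfaces": [
        {"subnetwork": PREFIX + "app-subnet", "networkIP": "10.10.0.2"}]},
    {"name": "data-vm-1", "networkInterfaces": [
        {"subnetwork": PREFIX + "data-subnet", "networkIP": "10.20.0.2"}]},
    {"name": "legacy-vm", "networkInterfaces": [
        {"subnetwork": PREFIX + "data-subnet", "networkIP": "10.20.0.3",
         "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.10"}]}]},
]


def audit(subnets, instances):
    """Return (vm, finding, detail) tuples for the internal-IP-only policy."""
    pga = {s["selfLink"]: s.get("privateIpGoogleAccess", False) for s in subnets}
    findings = []
    for vm in instances:
        for nic in vm.get("networkInterfaces", []):
            subnet = nic.get("subnetwork", "")
            external = [c["natIP"] for c in nic.get("accessConfigs", [])
                        if c.get("natIP")]
            if external:
                # Policy violation: the VM has an external address.
                findings.append((vm["name"], "external-ip", external[0]))
            elif not pga.get(subnet, False):
                # Internal-only VM on a subnet without Private Google Access:
                # it cannot reach Google APIs such as Cloud Storage.
                findings.append((vm["name"], "no-private-google-access",
                                 subnet.rsplit("/", 1)[-1]))
    return findings


if __name__ == "__main__":
    for vm, finding, detail in audit(SUBNETS, INSTANCES):
        print(f"{vm}: {finding} ({detail})")
```

A subnet flagged here is fixed with `gcloud compute networks subnets update SUBNET --region=REGION --enable-private-ip-google-access`, where `SUBNET` and `REGION` are placeholders.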