Topic 1 Question 113

Professional Cloud Architect

Topic 1 Question 113
Your organization has decided to restrict the use of external IP addresses on instances to only approved instances. You want to enforce this requirement across all of your Virtual Private Clouds (VPCs). What should you do?
- Remove the default route on all VPCs. Move all approved instances into a new subnet that has a default route to an internet gateway.
- Create a new VPC in custom mode. Create a new subnet for the approved instances, and set a default route to the internet gateway on this new subnet.
- Implement a Cloud NAT solution to remove the need for external IP addresses entirely.
- Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.
解説
Reference: https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address

ユーザの投票
コメント(17)
- D. Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.
  
  👍 21
  victory1082021/07/10
- Ans - D, https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip
  
  you might want to restrict external IP address so that only specific VM instances can use them. This option can help to prevent data exfiltration or maintain network isolation. Using an Organization Policy, you can restrict external IP addresses to specific VM instances with constraints to control use of external IP addresses for your VM instances within an organization or a project.
  
  👍 16
  AnilKr2021/08/16
- 正解だと思う選択肢: D
  I got similar question on my exam. Answered D.
  
  👍 3
  [Removed]2022/02/11
シャッフルモード

解説

ユーザの投票

コメント(17)