Topic 1 Question 109
You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access. What should you do?
Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.
Create a single global Cloud NAT gateway and global Cloud Router in the VPC.
Change the instances’ network interface external IP address from None to Ephemeral.
Create a firewall rule that allows egress to destination 0.0.0.0/0.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: A
100% sure for A:
B) wrong, cloud nat is regional (https://cloud.google.com/nat/docs/overview#specifications) C) wrong, there's security policy this scenario block associate external IP D) no make sense, this is default setup, not necessary allow outbound rule.
👍 5ccieman20162022/12/02 A is right https://youtu.be/bmaarG0IkH8 Please watch this video and understand how Cloud NAT works, It is regional
���👍 3AzureDP9002022/11/30• A. Create a Cloud NAT gateway and Cloud Router in both ***** us-west1 and us-east1. When you create a Cloud NAT gateway, you can choose to have the gateway automatically allocate regional external IP addresses. Alternatively, you can manually assign a fixed number of regional external IP addresses to the gateway. For details about each method, see NAT IP addresses.
👍 1pk3492023/01/14
シャッフルモード