Topic 1 Question 6
2 つ選択You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall. Which two actions should you take?
Turn on Private Google Access at the subnet level.
Turn on Private Google Access at the VPC level.
Turn on Private Services Access at the VPC level.
Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
ユーザの投票
コメント(17)
A, D Requires Private Google Access - https://cloud.google.com/vpc/docs/private-access-options#pga
👍 29Ganshank2020/05/05ANS is A,D. Ref.: https://cloud.google.com/vpc/docs/configure-private-google-access https://cloud.google.com/vpc/docs/private-access-options
"By default, when a Compute Engine VM lacks an external IP address assigned to its network interface, it can only send packets to other internal IP address destinations. You can allow these VMs to connect to the set of external IP addresses used by Google APIs and services by enabling Private Google Access on the subnet used by the VM's network interface."
👍 11EJJ2021/04/18A, D
C - Private service access doesn't support Pubsub and Bigquery
👍 2retep0072021/09/20
シャッフルモード