Topic 1 Question 134
You need to set up a Cloud Interconnect connection between your company's on-premises data center and the VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that are supported by VPC Service Controls to mitigate against exfiltration risk to non-supported APIs. How should you configure the network?
A. Enable Private Google Access on the regional subnets and global dynamic routing mode.
B. Set up a Private Service Connect endpoint IP address with the API bundle of "all-apis", which is advertised as a route over the Cloud Interconnect connection.
C. Use private.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the connection.
D. Use restricted.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.
Comments (9)
I think the correct answer is D. It is mentioned in the question: "You are required to only use APIs that are supported by VPC Service Controls", from which we can understand that we cannot use private.googleapis.com. Hence, option A & C can be eliminated. API bundle with all-apis is mentioned in option B which is wrong as we want to use only those APIs supported by VPC service controls. Hence, option B can be eliminated. Option D has all the solutions we need.
https://cloud.google.com/vpc/docs/private-service-connect
An API bundle:
All APIs (all-apis): most Google APIs (same as private.googleapis.com).
VPC-SC (vpc-sc): APIs that VPC Service Controls supports (same as restricted.googleapis.com).
VMs in the same VPC network as the endpoint (all regions)
On-premises systems that are connected to the VPC network that contains the endpoint
👍 11 Nicky1402 2022/05/09
Ans: D
Note: If you need to restrict users to just the Google APIs and services that support VPC Service Controls, use restricted.googleapis.com.
https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
👍 3 ExamQnA 2022/05/20
Selected answer: D
Will agree with the others
👍 2 cloudprincipal 2022/06/05
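Added example (not part of the question or of any comment above): a check that on-premises DNS answers for googleapis.com hosts and the prefixes advertised over the Interconnect both point at the restricted.googleapis.com range and not the private.googleapis.com one. The two IPv4 ranges are taken from Google's Private Google Access documentation; the function names and the sample data are constructed for illustration.

```python
import ipaddress

# Documented IPv4 VIP ranges for the two special domains.
RESTRICTED_VIP = ipaddress.ip_network("199.36.153.4/30")  # restricted.googleapis.com
PRIVATE_VIP = ipaddress.ip_network("199.36.153.8/30")     # private.googleapis.com

def classify(addr):
    """Return which VIP range an address belongs to, or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip in RESTRICTED_VIP:
        return "restricted"
    if ip in PRIVATE_VIP:
        return "private"
    return "other"

def audit_dns(answers):
    """answers: {hostname: [A records seen on-premises]}. Returns violations."""
    return [(host, ip, classify(ip))
            for host, ips in sorted(answers.items())
            for ip in ips if classify(ip) != "restricted"]

def audit_routes(advertised):
    """advertised: prefixes the Cloud Router announces to on-premises."""
    nets = [n for n in map(ipaddress.ip_network, advertised) if n.version == 4]
    problems = []
    if not any(RESTRICTED_VIP.subnet_of(n) for n in nets):
        problems.append("restricted VIP range is not advertised")
    problems += [f"{n} covers the private.googleapis.com VIP range"
                 for n in nets if PRIVATE_VIP.subnet_of(n)]
    return problems

# Constructed sample data (not real resolver or router output).
SAMPLE_DNS = {
    "storage.googleapis.com": ["199.36.153.5"],
    "bigquery.googleapis.com": ["199.36.153.10"],  # points at the private VIP
    "pubsub.googleapis.com": ["203.0.113.10"],     # stand-in for a public address
}
SAMPLE_ROUTES = ["10.128.0.0/20", "199.36.153.4/30"]

if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_DNS):
        print("DNS:", finding)
    for problem in audit_routes(SAMPLE_ROUTES) or ["routes OK"]:
        print("ROUTES:", problem)
```

A broad advertisement such as 199.36.153.0/24 or a default route is flagged as well, because it makes the private.googleapis.com range reachable from on-premises alongside the restricted one.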