Google Professional Cloud Architect (PR000213) Exam - Topic 4 Question 120 Discussion

Actual exam question for Google's Professional Cloud Architect (PR000213) exam

Question #: 120
Topic #: 4

[All Professional Cloud Architect (PR000213) Questions]

You are configuring the cloud network architecture for a newly created project m Google Cloud that will host applications in Compote Engine Compute Engine virtual machine instances will be created in two different subnets (sub-a and sub-b) within a single region

* Instances in sub-a win have public IP addresses

* Instances in sub-b will have only private IP addresses

To download updated packages, instances must connect to a public repository outside the boundaries of Google Cloud You need to allow sub-b to access the external repository. What should you do?

AEnable Private Google Access on sub-b

BConfigure Cloud NAT and select sub b m the NAT mapping section

CConfigure a bastion host instance in sub a to connect to instances in sub-b

DEnable Identity Aware Proxy for TCP forwarding for instances in sub-b

Show Suggested Answer

Suggested Answer: B

Cloud NAT (network address translation) lets Google Cloud virtual machine (VM) instances without external IP addresses and private Google Kubernetes Engine (GKE) clusters send outbound packets to the internet and receive any corresponding established inbound response packets1.By configuring Cloud NAT and selecting sub-b in the NAT mapping section, you can allow instances in sub-b to access the external repository without exposing them to the internet1.

by Juliana at May 06, 2026, 08:07 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect (PR000213) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!