Google Exam Professional-Cloud-Architect Topic 6 Question 18 Discussion

Actual exam question for Google's Google Cloud Architect Professional exam

Question #: 18
Topic #: 6

[All Google Cloud Architect Professional Questions]

Your organization has decided to restrict the use of external IP addresses on instances to only approved instances. You want to enforce this requirement across all of your Virtual Private Clouds (VPCs). What should you do?

ARemove the default route on all VPCs. Move all approved instances into a new subnet that has a default route to an internet gateway.

BCreate a new VPC in custom mode. Create a new subnet for the approved instances, and set a default route to the internet gateway on this new subnet.

CImplement a Cloud NAT solution to remove the need for external IP addresses entirely.

DSet an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.

Show Suggested Answer

Suggested Answer: D

https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip

you might want to restrict external IP address so that only specific VM instances can use them. This option can help to prevent data exfiltration or maintain network isolation. Using an Organization Policy, you can restrict external IP addresses to specific VM instances with constraints to control use of external IP addresses for your VM instances within an organization or a project.

by Justine at May 06, 2022, 11:07 AM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!