Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Architect (PR000213) Exam - Topic 4 Question 120 Discussion

You are configuring the cloud network architecture for a newly created project m Google Cloud that will host applications in Compote Engine Compute Engine virtual machine instances will be created in two different subnets (sub-a and sub-b) within a single region* Instances in sub-a win have public IP addresses* Instances in sub-b will have only private IP addressesTo download updated packages, instances must connect to a public repository outside the boundaries of Google Cloud You need to allow sub-b to access the external repository. What should you do?
B) Configure Cloud NAT and select sub b m the NAT mapping section
A) Enable Private Google Access on sub-b
C) Configure a bastion host instance in sub a to connect to instances in sub-b
D) Enable Identity Aware Proxy for TCP forwarding for instances in sub-b

Google Professional Cloud Architect (PR000213) Exam - Topic 4 Question 120 Discussion

Actual exam question for Google's Professional Cloud Architect (PR000213) exam
Question #: 120
Topic #: 4
[All Professional Cloud Architect (PR000213) Questions]

You are configuring the cloud network architecture for a newly created project m Google Cloud that will host applications in Compote Engine Compute Engine virtual machine instances will be created in two different subnets (sub-a and sub-b) within a single region

* Instances in sub-a win have public IP addresses

* Instances in sub-b will have only private IP addresses

To download updated packages, instances must connect to a public repository outside the boundaries of Google Cloud You need to allow sub-b to access the external repository. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

Cloud NAT (network address translation) lets Google Cloud virtual machine (VM) instances without external IP addresses and private Google Kubernetes Engine (GKE) clusters send outbound packets to the internet and receive any corresponding established inbound response packets1.By configuring Cloud NAT and selecting sub-b in the NAT mapping section, you can allow instances in sub-b to access the external repository without exposing them to the internet1.


by Juliana at May 06, 2026, 08:07 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect (PR000213) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lai
28 days ago
I’m a bit confused about the bastion host option. I thought it was mainly for secure access, not necessarily for downloading packages.
upvoted 0 times
...
Claribel
1 month ago
I remember practicing a similar question where configuring Cloud NAT was the right choice for allowing private instances to access the internet. That might be the answer here too.
upvoted 0 times
...
Miriam
1 month ago
I think enabling Private Google Access on sub-b could be a good option, but I'm not entirely sure if it allows access to external repositories.
upvoted 0 times
...

Save Cancel