Google Professional Cloud Network Engineer Exam - Topic 7 Question 46 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam

Question #: 46
Topic #: 7

[All Professional Cloud Network Engineer Questions]

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.

Which two actions should you take? (Choose two.)

ATurn on Private Google Access at the subnet level.

BTurn on Private Google Access at the VPC level.

CTurn on Private Services Access at the VPC level.

DCreate a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

ECreate a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Show Suggested Answer

Suggested Answer: A, D

https://cloud.google.com/vpc/docs/private-access-options#pga Private Google Access VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. They can reach the _external IP addresses_ of Google APIs and services.

by Taryn at May 03, 2022, 01:13 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Herminia

5 months ago

I agree with A, but I feel like D could work too.

upvoted 0 times

...

Britt

5 months ago

A is a must, but I'm not sure about C.

upvoted 0 times

...

Barney

5 months ago

Wait, can you really bypass the firewall like that?

upvoted 0 times

...

Nu

5 months ago

I think B is a better choice than A.

upvoted 0 times

...

Rima

5 months ago

Definitely A and C! That's the way to go.

upvoted 0 times

...

Janey

5 months ago

I definitely remember that we shouldn’t route traffic through the firewall for these APIs, but I can’t recall if we need to set static routes or just enable access.

upvoted 0 times

...

Enola

5 months ago

I’m a bit confused about the difference between Private Google Access and Private Services Access. I hope I can recall which one is needed here.

upvoted 0 times

...

Dominic

5 months ago

I remember studying Private Google Access, but I’m not sure if it’s at the subnet or VPC level that we need to enable it for this scenario.

upvoted 0 times

...

Louisa

5 months ago

I think we had a practice question about routing traffic to Google APIs, and I feel like Private Services Access was mentioned as important.

upvoted 0 times

...

Milly

6 months ago

This seems like a straightforward question, but I want to make sure I understand the key reasons for maintaining confidentiality in the workplace.

upvoted 0 times

...

Tatum

6 months ago

I think it might be the end user allow list, but I'm not entirely sure if that's specifically for this case.

upvoted 0 times

...

Roselle

6 months ago

The question seems straightforward, but I want to make sure I understand the differences between the AP modes before selecting an answer. I'll need to think this through carefully.

upvoted 0 times

...

Chantell

6 months ago

The Value Improving Proposal sounds like the most likely option here. That's where I'd expect to find a detailed evaluation of value improvement options.

upvoted 0 times

...

Lavonda

6 months ago

Wait, am I overthinking this? The chart looks like it's showing different completion status rates

upvoted 0 times

...

Brock

6 months ago

I'm pretty sure the expected capability level is part of the alignment goals, so I'll go with option A.

upvoted 0 times

...