Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Network Engineer Exam - Topic 7 Question 46 Discussion

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.Which two actions should you take? (Choose two.)
A) Turn on Private Google Access at the subnet level. and D) Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
B) Turn on Private Google Access at the VPC level.
C) Turn on Private Services Access at the VPC level.
E) Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Google Professional Cloud Network Engineer Exam - Topic 7 Question 46 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 46
Topic #: 7
[All Professional Cloud Network Engineer Questions]

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.

Which two actions should you take? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, D

https://cloud.google.com/vpc/docs/private-access-options#pga Private Google Access VM instances that only have internal IP addresses (no external IP addresses) can use Private Google Access. They can reach the _external IP addresses_ of Google APIs and services.


by Taryn at May 03, 2022, 01:13 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Herminia
7 months ago
I agree with A, but I feel like D could work too.
upvoted 0 times
...
Britt
8 months ago
A is a must, but I'm not sure about C.
upvoted 0 times
...
Barney
8 months ago
Wait, can you really bypass the firewall like that?
upvoted 0 times
...
Nu
8 months ago
I think B is a better choice than A.
upvoted 0 times
...
Rima
8 months ago
Definitely A and C! That's the way to go.
upvoted 0 times
...
Janey
8 months ago
I definitely remember that we shouldn’t route traffic through the firewall for these APIs, but I can’t recall if we need to set static routes or just enable access.
upvoted 0 times
...
Enola
8 months ago
I’m a bit confused about the difference between Private Google Access and Private Services Access. I hope I can recall which one is needed here.
upvoted 0 times
...
Dominic
8 months ago
I remember studying Private Google Access, but I’m not sure if it’s at the subnet or VPC level that we need to enable it for this scenario.
upvoted 0 times
...
Louisa
8 months ago
I think we had a practice question about routing traffic to Google APIs, and I feel like Private Services Access was mentioned as important.
upvoted 0 times
...
Milly
8 months ago
This seems like a straightforward question, but I want to make sure I understand the key reasons for maintaining confidentiality in the workplace.
upvoted 0 times
...
Tatum
8 months ago
I think it might be the end user allow list, but I'm not entirely sure if that's specifically for this case.
upvoted 0 times
...
Roselle
8 months ago
The question seems straightforward, but I want to make sure I understand the differences between the AP modes before selecting an answer. I'll need to think this through carefully.
upvoted 0 times
...
Chantell
9 months ago
The Value Improving Proposal sounds like the most likely option here. That's where I'd expect to find a detailed evaluation of value improvement options.
upvoted 0 times
...
Lavonda
9 months ago
Wait, am I overthinking this? The chart looks like it's showing different completion status rates
upvoted 0 times
...
Brock
9 months ago
I'm pretty sure the expected capability level is part of the alignment goals, so I'll go with option A.
upvoted 0 times
...

Save Cancel