Google Professional Cloud Security Engineer Exam - Topic 4 Question 35 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 35
Topic #: 4

[All Professional Cloud Security Engineer Questions]

You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that are supported by VPC Service Controls to mitigate against exfiltration risk to non-supported APIs. How should you configure the network?

AEnable Private Google Access on the regional subnets and global dynamic routing mode.

BSet up a Private Service Connect endpoint IP address with the API bundle of 'all-apis', which is advertised as a route over the Cloud interconnect connection.

CUse private.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the connection.

DUse restricted googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.

Show Suggested Answer

Suggested Answer: B

by Amber at May 09, 2022, 05:58 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lavera

4 months ago

Totally agree with C, it's the safest choice!

upvoted 0 times

...

Tamar

4 months ago

B sounds interesting, but not sure if it covers all APIs.

upvoted 0 times

...

Elbert

4 months ago

Surprised that D is even an option, seems risky!

upvoted 0 times

...

Celeste

4 months ago

I think A is better for dynamic routing.

upvoted 0 times

...

Alesia

5 months ago

Option C is the way to go for private access!

upvoted 0 times

...

Shantay

5 months ago

I think restricted googleapis.com could work too, but I’m not clear on how it differs from private.googleapis.com in this context.

upvoted 0 times

...

Louvenia

5 months ago

I feel like using private.googleapis.com makes sense since it restricts access to only Google Cloud, but I’m unsure about the routing aspect.

upvoted 0 times

...

Claribel

5 months ago

I remember a practice question about using Private Service Connect, but I can't recall if it was specifically for all APIs or just certain ones.

upvoted 0 times

...

Derick

5 months ago

I think enabling Private Google Access is important, but I'm not sure if global dynamic routing is necessary for this setup.

upvoted 0 times

...

Erasmo

5 months ago

I'm pretty sure all RSTP ports start in the Discarding state, but I'll double-check that in my notes just to be sure.

upvoted 0 times

...

Tegan

5 months ago

I'm a bit unsure about this one. The question mentions "launch only for opportunities for existing S2B customers", so I'm not sure if the context scope should include just Opportunity or both Opportunity and Account. I'll have to think this through carefully.

upvoted 0 times

...

Pearly

5 months ago

I've got this one. The key is understanding that Effective RTT takes into account the optimization percentage, while the other options don't. That makes Effective RTT the correct answer.

upvoted 0 times

...

Rosann

5 months ago

This is a tricky one. I'm not totally confident, but I'm leaning towards option A. Losing access to the cloud-based service and the business data would be a major issue, so that seems like the primary reason for the backup practices.

upvoted 0 times

...