Google Cloud Digital Leader — Question 10
Your organization runs all its workloads on Compute Engine virtual machine instances. Your organization has a security requirement: the virtual machines are not allowed to access the public internet. The workloads running on those virtual machines need to access BigQuery and Cloud Storage, using their publicly accessible interfaces, without violating the security requirement.
Which Google Cloud product or feature should your organization use?
Answer options
- A. Identity-Aware Proxy
- B. Cloud NAT (network address translation)
- C. VPC internal load balancers
- D. Private Google Access
Correct answer: D
Explanation
The correct choice, Private Google Access, allows virtual machines to connect to Google services like BigQuery and Cloud Storage without needing public internet access, which complies with the security requirement. Identity-Aware Proxy is not designed for this purpose; Cloud NAT provides internet access, which contradicts the requirement; and VPC internal load balancers are used for distributing traffic within the VPC, not for accessing Google services directly.