Google Cloud Professional Cloud Architect — Question 124
Your organization has decided to restrict the use of external IP addresses on instances to only approved instances. You want to enforce this requirement across all of your Virtual Private Clouds (VPCs). What should you do?
Answer options
- A. Remove the default route on all VPCs. Move all approved instances into a new subnet that has a default route to an internet gateway.
- B. Create a new VPC in custom mode. Create a new subnet for the approved instances, and set a default route to the internet gateway on this new subnet.
- C. Implement a Cloud NAT solution to remove the need for external IP addresses entirely.
- D. Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.
Correct answer: D
Explanation
The correct answer is D because an Organization Policy with the constraints/compute.vmExternalIpAccess constraint is managed centrally and applies across all VPCs, so only the approved instances listed in allowedValues can use external IP addresses. Options A and B rely on routing and subnet changes, which do not enforce the requirement uniformly across all VPCs. Option C removes the need for external IP addresses but does not directly limit them to approved instances.