Google Cloud Professional Cloud DevOps Engineer — Question 181

You are configuring a Cl pipeline. The build step for your Cl pipeline integration testing requires access to APIs inside your private VPC network. Your security team requires that you do not expose API traffic publicly. You need to implement a solution that minimizes management overhead. What should you do?

Answer options

• A. Use Cloud Build private pools to connect to the private VPC.
• B. Use Cloud Build to create a Compute Engine instance in the private VPC. Run the integration tests on the VM by using a startup script.
• C. Use Cloud Build as a pipeline runner. Configure a cross-region internal Application Load Balancer for API access.
• D. Use Cloud Build as a pipeline runner. Configure a global external Application Load Balancer with a Google Cloud Armor policy for API access.

Correct answer: A

Explanation

The correct answer is A because using Cloud Build private pools allows direct access to resources within the private VPC without exposing them to the public internet, thus aligning with the security team's requirements. Options B, C, and D introduce unnecessary complexity and potential security risks by either creating additional resources or exposing APIs publicly.