Your company has recently installed a Cloud VPN tunnel between your on-premises data cent…

Question

Your company has recently installed a Cloud VPN tunnel between your on-premises data center and your Google Cloud Virtual Private Cloud (VPC). You need to configure access to the Cloud Functions API for your on-premises servers. The configuration must meet the following requirements: • Certain data must stay in the project where it is stored and not be exfiltrated to other projects. • Traffic from servers in your data center with RFC 1918 addresses do not use the internet to access Google Cloud APIs. • All DNS resolution must be done on-premises. • The solution should only provide access to APIs that are compatible with VPC Service Controls. What should you do?

Accepted Answer

Correct answer: B. B. 1. Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.
2. Create a CNAME record for *.googleapis.com that points to the A record.
3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
4. Configure your on-premises firewalls to allow traffic to the restricted.googleapis.com addresses. — The correct answer is B because it specifically addresses the need for accessing the restricted.googleapis.com, which is compatible with VPC Service Controls and ensures the required data residency. Options A and D incorrectly use private.googleapis.com, which does not meet the specified needs, while C suggests removing the default internet gateway, which is unnecessary for accessing the required APIs.

Google Cloud Professional Cloud Network Engineer — Question 122

Answer options

Correct answer: B

Explanation