Google Cloud Professional Cloud Network Engineer — Question 170

Your organization has multiple VMs running on Google Cloud within a VPC. The VMs require connectivity to certain Google APIs. You need to enable Private Google Access for VM connectivity to Cloud Storage. What should you do?

Answer options

• A. Enable Private Google Access on the project, remove the default route that points to the default internet gateway, and enable the Cloud Storage API.
• B. Enable Private Google Access on the VM, remove the default route that points to the default internet gateway, and enable the Cloud Storage API.
• C. Enable Private Google Access on the VPC, create a default route that points to the default internet gateway, and enable the Cloud Storage API.
• D. Enable Private Google Access on the subnet, create a default route that points to the default internet gateway, and enable the Cloud Storage API.

Correct answer: D

Explanation

The correct answer is D because enabling Private Google Access on the subnet allows the VMs to access Google APIs privately without needing an external IP. Options A and B incorrectly suggest enabling Private Google Access at the project or VM level, which does not provide the necessary connectivity. Option C suggests enabling it on the VPC, but it fails to address the requirement to set it at the subnet level for specific VM access.