Google Cloud Professional Cloud Network Engineer — Question 232

You are designing the architecture for your organization so that clients can connect to certain Google APIs. Your plan must include a way to connect to Cloud Storage and BigQuery. You also need to ensure the traffic does not traverse the internet. You want your solution to be cloud-first and require the least amount of configuration steps. What should you do?

Answer options

• A. Configure Private Google Access on the VPC resource. Create a default route to the internet.
• B. Configure Private Google Access on the subnet resource. Create a default route to the internet.
• C. Configure Cloud NAT, and remove the default route to the internet.
• D. Configure a global Secure Web Proxy, and remove the default route to the internet.

Correct answer: B

Explanation

The correct answer is B because configuring Private Google Access on the subnet allows resources in the subnet to connect to Google APIs without routing traffic over the public internet. Options A and C do not provide the necessary access without using the internet, and option D introduces an unnecessary layer of complexity with the Secure Web Proxy.