Google Cloud Professional Cloud Network Engineer — Question 38

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)

Answer options

• A. Enable Private Google Access on all the subnets.
• B. Enable Private Google Access on the VPC.
• C. Enable Private Services Access on the VPC.
• D. Create network peering between your VPC and BigQuery.
• E. Create a Cloud NAT, and route the application traffic via NAT gateway.

Correct answer: A, E

Explanation

The correct answers are A and E. Enabling Private Google Access on all subnets allows instances without external IP addresses to access Google services without needing an external IP. Additionally, creating a Cloud NAT enables instances to send outbound traffic without external IPs, while options B, C, and D do not provide the necessary configuration to achieve the goal.