Google Cloud Professional Cloud Network Engineer — Question 81
Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from your on-premises network using Cloud Interconnect. You must configure access only to Google APIs and services that are supported by VPC Service Controls through hybrid connectivity with a service level agreement (SLA) in place. What should you do?
Answer options
- A. Configure the existing Cloud Routers to advertise the Google APIs' public virtual IP addresses.
- B. Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.
- C. Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.
- D. Add Direct Peering links, and use them for connectivity to Google APIs that use public virtual IP addresses.
Correct answer: B
Explanation
The correct answer is B because Private Google Access allows your on-premises hosts to reach Google APIs using private IP addresses, ensuring compliance with VPC Service Controls. Option A is incorrect because advertising public IP addresses does not align with the requirement for restricted access. Option C does not provide direct access to Google APIs in a secure manner, and Option D involves public IPs that do not meet the specified requirements.