Google Cloud Professional Cloud Security Engineer — Question 112
Your organization has on-premises hosts that need to access Google Cloud APIs. You must enforce private connectivity between these hosts, minimize costs, and optimize for operational efficiency.
What should you do?
Answer options
- A. Set up VPC peering between the hosts on-premises and the VPC through the internet.
- B. Route all on-premises traffic to Google Cloud through an IPsec VPN tunnel to a VPC with Private Google Access enabled.
- C. Enforce a security policy that mandates all applications to encrypt data with a Cloud Key Management Service (KMS) key before you send it over the network.
- D. Route all on-premises traffic to Google Cloud through a dedicated or Partner Interconnect to a VPC with Private Google Access enabled.
Correct answer: B
Explanation
The correct answer is B. An IPsec VPN tunnel to a VPC with Private Google Access enabled provides secure, private connectivity to Google Cloud while minimizing costs and optimizing efficiency. Option A is incorrect because VPC peering does not provide private connectivity over the internet. Option C, while important for security, does not address the connectivity requirement. Option D provides private connectivity but may incur higher costs than an IPsec VPN.