Google Cloud Professional Cloud Security Engineer — Question 182

You want to set up a secure, internal network within Google Cloud for database servers. The servers must not have any direct communication with the public internet. What should you do?

Answer options

• A. Assign a private IP address to each database server. Use a NAT gateway to provide internet connectivity to the database servers.
• B. Assign a static public IP address to each database server. Use firewall rules to restrict external access.
• C. Create a VPC with a private subnet. Assign a private IP address to each database server.
• D. Assign both a private IP address and a public IP address to each database server.

Correct answer: C

Explanation

The correct answer is C because creating a VPC with a private subnet allows the database servers to communicate internally without exposure to the public internet. Option A is incorrect as using a NAT gateway would still allow the servers to access the internet, which is not desired. Option B is flawed since assigning a public IP address contradicts the requirement for no direct communication with the public internet. Option D also fails to meet the requirement because it involves assigning public IPs.