Google Cloud Professional Cloud Security Engineer — Question 198
Your organization has a hybrid cloud environment with a data center connected to Google Cloud through a dedicated Cloud Interconnect connection. You need to configure private access from your on-premises hosts to Google APIs, specifically Cloud Storage and BigQuery, without exposing traffic to the public internet. What should you do?
Answer options
- A. Configure Shared VPC to extend your Google Cloud VPC network to your on-premises environment. Use Private Google Access to access Google APIs.
- B. Establish VPC peering between your on-premises network and your Google Cloud VPC network. Configure Cloud Firewall rules to allow traffic to Google API IP ranges.
- C. Use Private Google Access for on-premises hosts. Configure DNS resolution to point to the private.googleapis.com domain.
- D. Configure Cloud NAT on your on-premises network. Configure DNS records in a private DNS zone to send requests to 199.36.153.8/30 to access Google APIs.
Correct answer: C
Explanation
The correct answer is C because Private Google Access for on-premises hosts, with DNS resolution pointed to the private.googleapis.com domain, lets on-premises hosts reach Google APIs privately over the Cloud Interconnect connection without exposing traffic to the internet. Option A involves Shared VPC, which is not necessary for private access in this scenario. Option B suggests VPC peering, which does not guarantee private access to Google APIs. Option D involves Cloud NAT, which is not required when using Private Google Access.