Google Cloud Professional Cloud Security Engineer — Question 254

A customer wants to run a batch processing system on VMs and store the output files in a Cloud Storage bucket. The networking and security teams have decided that no VMs may reach the public internet.
How should this be accomplished?

Answer options

• A. Create a firewall rule to block internet traffic from the VM.
• B. Provision a NAT Gateway to access the Cloud Storage API endpoint.
• C. Enable Private Google Access.
• D. Mount a Cloud Storage bucket as a local filesystem on every VM.

Correct answer: C

Explanation

The correct answer is C, as enabling Private Google Access allows the VMs to access Google services like Cloud Storage without needing a public internet connection. Option A merely blocks internet traffic but does not provide access to needed services. Option B involves a NAT Gateway, which is unnecessary when using Private Google Access. Option D is not a valid solution, as mounting a Cloud Storage bucket does not solve the issue of internet access restrictions.