Google Cloud Professional Cloud Security Engineer — Question 287

You have placed several Compute Engine instances in a private subnet. You want to allow these instances to access Google Cloud services, like Cloud Storage, without traversing the internet. What should you do?

Answer options

• A. Enable Private Google Access for the private subnet.
• B. Configure Private Service Connect for the private subnet's Virtual Private Cloud (VPC) and allocate an IP range for the Compute Engine instances.
• C. Reserve and assign static external IP addresses for the Compute Engine instances.
• D. Create a Cloud NAT gateway for the region where the private subnet is configured.

Correct answer: A

Explanation

The correct answer is A because enabling Private Google Access allows private instances to reach Google services without needing public IPs or internet access. Options B and D involve additional configurations that are not necessary for accessing Google services, while option C contradicts the requirement of not using the internet by assigning external IPs.