Google Cloud Professional Cloud Security Engineer — Question 293

Your company's cloud security policy dictates that VM instances should not have an external IP address. You need to identify the Google Cloud service that will allow VM instances without external IP addresses to connect to the internet to update the VMs. Which service should you use?

Answer options

• A. Identity Aware-Proxy
• B. Cloud NAT
• C. TCP/UDP Load Balancing
• D. Cloud DNS

Correct answer: B

Explanation

Cloud NAT is the correct choice as it allows VM instances without external IP addresses to initiate outbound connections to the internet while maintaining security. The other options, such as Identity Aware-Proxy and TCP/UDP Load Balancing, serve different purposes related to access management and traffic routing, respectively, and do not provide the required outbound internet connectivity.