Google Cloud Professional Cloud Security Engineer — Question 295

You perform a security assessment on a customer architecture and discover that multiple VMs have public IP addresses. After providing a recommendation to remove the public IP addresses, you are told those VMs need to communicate to external sites as part of the customer's typical operations. What should you recommend to reduce the need for public IP addresses in your customer's VMs?

Answer options

• A. Google Cloud Armor
• B. Cloud NAT
• C. Cloud Router
• D. Cloud VPN

Correct answer: B

Explanation

The correct answer is B, Cloud NAT, which allows VMs without public IP addresses to access external services while keeping them private. Options A (Google Cloud Armor) and C (Cloud Router) do not address the need for outbound internet access without public IPs. Option D (Cloud VPN) is for secure connections to on-premises networks, not for general internet access.