Google Cloud Professional Cloud Security Engineer — Question 89
You need to connect your organization's on-premises network with an existing Google Cloud environment that includes one Shared VPC with two subnets named Production and Non-Production. You are required to:
- Use a private transport link.
- Configure access to Google Cloud APIs through private API endpoints originating from on-premises environments.
- Ensure that Google Cloud APIs are only consumed via VPC Service Controls.
What should you do?
Answer options
- A. 1. Set up a Cloud VPN link between the on-premises environment and Google Cloud. 2. Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.
- B. 1. Set up a Partner Interconnect link between the on-premises environment and Google Cloud. 2. Configure private access using the private.googleapis.com domains in on-premises DNS configurations.
- C. 1. Set up a Direct Peering link between the on-premises environment and Google Cloud. 2. Configure private access for both VPC subnets.
- D. 1. Set up a Dedicated Interconnect link between the on-premises environment and Google Cloud. 2. Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.
Correct answer: D
Explanation
The correct answer is D because a Dedicated Interconnect provides a private connection to Google Cloud, meeting the requirement for a private transport link. Additionally, using the restricted.googleapis.com domains ensures that access to Google Cloud APIs is controlled and restricted in line with VPC Service Controls. The other options either do not provide the necessary private link type or do not use the correct API endpoint configuration.