Google Cloud Professional Data Engineer — Question 182
You are deploying a batch pipeline in Dataflow. This pipeline reads data from Cloud Storage, transforms the data, and then writes the data into BigQuery. The security team has enabled an organizational constraint in Google Cloud, requiring all Compute Engine instances to use only internal IP addresses and no external IP addresses. What should you do?
Answer options
- A. Ensure that your workers have network tags to access Cloud Storage and BigQuery. Use Dataflow with only internal IP addresses.
- B. Ensure that the firewall rules allow access to Cloud Storage and BigQuery. Use Dataflow with only internal IPs.
- C. Create a VPC Service Controls perimeter that contains the VPC network and add Dataflow, Cloud Storage, and BigQuery as allowed services in the perimeter. Use Dataflow with only internal IP addresses.
- D. Ensure that Private Google Access is enabled in the subnetwork. Use Dataflow with only internal IP addresses.
Correct answer: D
Explanation
The correct answer is D. Dataflow workers are Compute Engine instances, so under this constraint they run with only internal IP addresses. Enabling Private Google Access on the subnetwork allows instances with only internal IPs to access Google services such as Cloud Storage and BigQuery. Options A and B do not address the need for Private Google Access, which is essential for internal-only IP configurations: network tags and firewall rules alone do not provide it. Option C, while useful for other security measures, does not directly solve the access issue related to internal IP usage.