Google Cloud Professional Data Engineer — Question 244
You are configuring networking for a Dataflow job. The data pipeline uses custom container images with the libraries that are required for the transformation logic preinstalled. The data pipeline reads the data from Cloud Storage and writes the data to BigQuery. You need to ensure cost-effective and secure communication between the pipeline and Google APIs and services. What should you do?
Answer options
- A. Disable external IP addresses from worker VMs and enable Private Google Access.
- B. Leave external IP addresses assigned to worker VMs while enforcing firewall rules.
- C. Disable external IP addresses and establish a Private Service Connect endpoint IP address.
- D. Enable Cloud NAT to provide outbound internet connectivity while enforcing firewall rules.
Correct answer: A
Explanation
The correct answer is A: disabling external IP addresses on the worker VMs and enabling Private Google Access allows secure, private communication with Google services without exposing the VMs to the public internet. Option B is less secure because it leaves the worker VMs exposed to the external internet. Option C also removes external IP addresses, but it does not directly ensure cost-effective communication with Google APIs. Option D allows outbound traffic but does not enhance security as much as option A.