ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 26 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 26
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.
Which two methods can you use to accomplish this? (Choose two.)

  • A. Enable Private Google Access on all the subnets.
  • B. Enable Private Google Access on the VPC.
  • C. Enable Private Services Access on the VPC.
  • D. Create network peering between your VPC and BigQuery.
  • E. Create a Cloud NAT, and route the application traffic via NAT gateway.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by ESP_SAP at Nov. 2, 2020, 3:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ESP_SAP
Highly Voted 3 years, 3 months ago
Correct answers are (A) & (E) Private Google Access interaction https://cloud.google.com/nat/docs/overview#interaction-pga Specifications https://cloud.google.com/vpc/docs/configure-private-google-access#specifications
upvoted 21 times
...
otokichi3
Highly Voted 1 year, 2 months ago
Selected Answer: AE
A & E but these don't prevent instances having external IP, so truly correct answers are missing.
upvoted 8 times
...
saraali
Most Recent 5 months, 3 weeks ago
Selected Answer: AE
The correct options are: AE. A ensures that instances without external IPs can still access Google services like BigQuery and Cloud Storage using internal IPs. E allows instances without external IPs to access external services through a Cloud NAT gateway, maintaining no external IP on the instances.
upvoted 1 times
...
mcjim
8 months, 2 weeks ago
Selected Answer: AE
BigQuery doesn't support Private Services Access so it cannot be C https://cloud.google.com/vpc/docs/private-services-access#private-services-supported-services
upvoted 1 times
...
Komal697
10 months, 1 week ago
Selected Answer: AB
Option A, "Enable Private Google Access on all the subnets," is incorrect because it enables private communication between VM instances and Google APIs and services using Google's private IP space, but it does not prevent VM instances from having external IP addresses. Option E, "Create a Cloud NAT and route the application traffic via NAT gateway," is incorrect because Cloud NAT does not prevent VM instances from having external IP addresses. Cloud NAT provides a way to NAT VM instances' egress traffic to the Internet, but it does not control whether the VM instances have external IP addresses. Option A and B together are correct because enabling Private Google Access on all subnets and the VPC restricts communication to Google APIs and services to only use Google's private IP space. This configuration prevents instances in the VPC from using external IP addresses to communicate with Google APIs and services.
upvoted 1 times
Komal697
10 months, 1 week ago
C. Enabling Private Services Access on the VPC allows private access to Google services with endpoint filtering, but it is not relevant to accessing BigQuery or Cloud Storage. D. Creating network peering between your VPC and BigQuery is not a suitable solution, as BigQuery does not support VPC Network Peering.
upvoted 1 times
...
...
otokichi3
1 year, 2 months ago
A & E but these don't prevent instances having external IP, so truly correct answers are missing.
upvoted 1 times
...
GCP72
1 year, 5 months ago
Selected Answer: AE
A & E are correct answer
upvoted 1 times
...
zaxxon
1 year, 7 months ago
Why not A and C see: https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#console
upvoted 1 times
desertlotus1211
1 year, 4 months ago
private access is done at the subnet level... not VPC level.
upvoted 5 times
...
...
svsilence
1 year, 7 months ago
private access activate on subnet not vpc. A&E correct
upvoted 1 times
...
Dineshsinghbhriguvanshi
1 year, 8 months ago
Selected Answer: AE
Private Google Access can be enabled on subnet level not on vpc level .
upvoted 1 times
...
Luvero
2 years ago
A & E Tested practically
upvoted 3 times
...
kumarp6
2 years, 1 month ago
Answer is : A and E
upvoted 3 times
...
SonamDhingra
2 years, 1 month ago
Selected Answer: AE
A & E please
upvoted 2 times
...
Arad
2 years, 2 months ago
A & E are correct.
upvoted 2 times
...
Vidyasagar
2 years, 10 months ago
A and E
upvoted 1 times
...
groovygorilla
3 years, 1 month ago
Shoube be AE because Private Google Access is enabled at the subnet level.
upvoted 1 times
...
gless
3 years, 1 month ago
I would go with C and E since here --> Private Google Access https://cloud.google.com/vpc/docs/configure-private-google-access#specifications is written: "The primary internal IP address of a VM's network interface in an enabled subnet Except if that interface has an external address assigned".
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel