ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 179 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 179
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You need to set up a Cloud Interconnect connection between your company’s on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that are supported by VPC Service Controls to mitigate against exfiltration risk to non-supported APIs. How should you configure the network?

  • A. Enable Private Google Access on the regional subnets and global dynamic routing mode.
  • B. Create a CNAME to map *.googleapis.com to restricted.googleapis.com, and create A records for restricted.googleapis.com mapped to 199.36.153.8/30.
  • C. Use private.googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the connection.
  • D. Use restricted googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Sanjana2020 at Aug. 2, 2023, 9:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KLei
4 months ago
Selected Answer: D
Enables API access to Google APIs and services that are supported by VPC Service Controls. Blocks access to Google APIs and services that do not support VPC Service Controls. Does not support Google Workspace APIs or Google Workspace web applications such as Gmail and Google Docs
upvoted 1 times
...
shmoeee
7 months, 1 week ago
This is a repeated question
upvoted 1 times
...
cyberpunk21
1 year, 2 months ago
Selected Answer: D
D is correct, A - doesn't address the issue B - Looks good but for restricted API the subnet address will be 199.36.153.4/30 not 8/30 c - wrong D - everything looks good
upvoted 4 times
...
arpgaur
1 year, 2 months ago
D, use restricted google.apis.com. https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
upvoted 4 times
...
Sanjana2020
1 year, 2 months ago
D, restricted
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago