Exam Professional Cloud Network Engineer topic 1 question 6 discussion

A, D Requires Private Google Access - https://cloud.google.com/vpc/docs/private-access-options#pga

ANS is A,D. Ref.: https://cloud.google.com/vpc/docs/configure-private-google-access https://cloud.google.com/vpc/docs/private-access-options "By default, when a Compute Engine VM lacks an external IP address assigned to its network interface, it can only send packets to other internal IP address destinations. You can allow these VMs to connect to the set of external IP addresses used by Google APIs and services by enabling Private Google Access on the subnet used by the VM's network interface."

A and D due to By default, when a Compute Engine VM lacks an external IP address assigned to its network interface, it can only send packets to other internal IP address destinations. You can allow these VMs to connect to the set of external IP addresses used by Google APIs and services by enabling Private Google Access on the subnet used by the VM's network interface. https://cloud.google.com/vpc/docs/configure-private-google-access

Answer is 'A' and 'D' . Option 'A' satisfies the requirement of connecting bigquery and pub/sub APIs Option 'D' satisfies the requirement without sending traffic through the firewall.

Choose A & D A. Turn on Private Google Access at the subnet level. Private Google Access allows instances without external IP addresses to reach Google services. D. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway. By creating custom static routes to the external IP addresses of Google APIs and services, you direct traffic to these services through the default internet gateway, bypassing the third-party firewall.

The correct answers are A,D and the explanation of Mo7y is spot on. See also how Private Google Access work at page 113 in the "GCP Professional Cloud Network Engineer Certification Companion" new book https://a.co/d/aqd8JZk

A&D A is obvious, Private Google Access is the correct product to access Google API's without going through the internet D not E, because Google APIs don't have internal IP address, they're are always addressable via the external public IP addresses, OR the restricted/private IP's which are also public IP addresses but just not routable via the internet, only routable internally (so still NOT internal IP's)

Private Google Access is required. To bypass the 0.0.0.0/0 route, a more specific route towards the public IPs of the Google APIs is necessary, that uses the internet gateway.

A&D are the correct options. Refer https://cloud.google.com/vpc/docs/configure-private-services-access

https://cloud.google.com/vpc/docs/private-google-access

A & D is correct answer

A & D -- Private google access Connect to the standard external IP addresses or Private Google Access domains and VIPs for Google APIs and services through the VPC network’s default internet gateway.

Answer is A & D

The Answers are B & C: https://cloud.google.com/vpc/docs/private-access-options Read the options carefully...

I think only A is correct in this case, It says choose 2 but no one of the others is a correct answer 

A - turning on private google access allows the instances without a public ip to access a set of reserved internal ip addresses for managed services and establish the routes to reach those its automatically, and must be enabled on subnet level, so that would be enough to reach big query and pubsub 

B - private google access is not enabled on VPC level, wrong answer

 C - private services access is for used to establish peering toward google network services in their private network like the management plane of a Kubernetes cluster, and in general is used to reach services that comes in forms of a GCE instance like cloud SQL, and this is not the case 

D,E - not would establish routes through the default internet gateway, but the question clearly states “without sending the traffic through the firewall”, so both are are wrong

A & D are correct.

A, D C - Private service access doesn't support Pubsub and Bigquery