ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam
Go to Exam

Exam Associate Cloud Engineer topic 1 question 142 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 142
Topic #: 1
[All Associate Cloud Engineer Questions]

Your company has workloads running on Compute Engine and on-premises. The Google Cloud Virtual Private Cloud (VPC) is connected to your WAN over a
Virtual Private Network (VPN). You need to deploy a new Compute Engine instance and ensure that no public Internet traffic can be routed to it. What should you do?

  • A. Create the instance without a public IP address.
  • B. Create the instance with Private Google Access enabled.
  • C. Create a deny-all egress firewall rule on the VPC network.
  • D. Create a route on the VPC to route all traffic to the instance over the VPN tunnel.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by MohammedGhouse at Aug. 12, 2020, 9:47 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 3 years, 7 months ago
A for sure B - this allows internal communicaiton, but does nothing to limit public traffic C - deny all is nice, but it's for egress -- we're looking for ingress D - this is way to invasive and doesn't explicitly address the issue of preventing public internet traffic from reaching your instance -- if it does, someone let me know how.
upvoted 32 times
...
MohammedGhouse
Highly Voted 3 years, 8 months ago
A: answer looks right
upvoted 13 times
...
Captain1212
Most Recent 7 months, 3 weeks ago
Selected Answer: A
A is the correct option, as other not limit the ingrres traffic
upvoted 1 times
...
dataengineeruser34
1 year, 2 months ago
A for sure
upvoted 1 times
...
SK1990
1 year, 4 months ago
Selected Answer: A
A - for sure
upvoted 1 times
...
SK1990
1 year, 4 months ago
Selected Answer: A
A is the best anmswer.
upvoted 1 times
...
Nazz1977
1 year, 4 months ago
Selected Answer: A
A for sure
upvoted 1 times
...
Sam98845
1 year, 6 months ago
should be A. VMs cannot communicate over the internet without a public IP address. Private Google Access permits access to Google APIs and services in Google's production infrastructure. https://cloud.google.com/vpc/docs/private-google-access
upvoted 2 times
...
kailash
1 year, 6 months ago
Selected Answer: A
Elimination
upvoted 1 times
...
Charumathi
1 year, 6 months ago
Selected Answer: D
D is the right answer, with private google access for on-premises host, Private Google Access for on-premises hosts On-premises hosts with or without external IP addresses. Connect to Google APIs and services, from your on-premises network, through a Cloud VPN tunnel or Cloud Interconnect by using one of the Private Google Access-specific domains and VIPs. The Google services that you can access depend on which Private Google Access-specific domain you use. Use this option to connect to Google APIs and services through a VPC network. This method doesn't require your on-premises hosts to have external IP addresses. please refer to the link below for more insights, https://cloud.google.com/vpc/docs/private-google-access-hybrid
upvoted 1 times
...
tomis2
1 year, 9 months ago
Selected Answer: A
Through elimination - A
upvoted 1 times
...
AzureDP900
1 year, 10 months ago
A is right
upvoted 1 times
...
badrik
1 year, 11 months ago
Selected Answer: A
AAAAAAAAAA
upvoted 1 times
...
HansKloss611
2 years, 2 months ago
Selected Answer: A
A is correct
upvoted 3 times
...
Yaseed
2 years, 5 months ago
PRIVATE INSTANCE WITH A PUBLIC LOADBALANCER WOULD GO PUBLIC! IT'S CONFUSING
upvoted 2 times
tvinay
2 years, 4 months ago
Why are you shouting here?
upvoted 11 times
chikorita
1 year ago
and why is he bringing Load Balancer in middle of nowhere?
upvoted 3 times
...
...
...
lxs
2 years, 6 months ago
The question is about ingress traffic from Internet A - If the VM does not have public IP it is not routable from Internet. Correct answear B - it is about how to access Google Services API. It does not tell about ingress Internet traffic C - It is about egress traffic D - It could be but we do not know anything about Internet ingress traffic to on prem. What's more default route tells about egress traffic to Internet. Nothing how Internet can access Compute instance. Correct answer is A.
upvoted 5 times
...
arsh1916
2 years, 11 months ago
A is correct
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago