You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses. Which two actions should you take? (Choose two.)
A. Activate the Service Networking API in your project.
B. Activate the Cloud Datastore API in your project.
C. Create a private connection to a service producer.
D. Create a custom static route to allow the traffic to reach the Cloud SQL API.
Answers are A & C
C is definitely correct. Private services access requires a private connection.
The links below state that the Service Networking API is required
https://cloud.google.com/service-infrastructure/docs/enabling-private-services-access
A & C
https://cloud.google.com/sql/docs/mysql/private-ip
This page provides information about using private IP with Cloud SQL. For step-by-step instructions for configuring a Cloud SQL instance to use private IP, see Configuring private IP.
Correct answers are (C) & (E):
C: If you are using private IP for any of your Cloud SQL instances, you only need to configure private services access one time for every Google Cloud project that has or needs to connect to a Cloud SQL instance.
If your Google Cloud project has a Cloud SQL instance, you can either configure it yourself or let Cloud SQL do it for you to use private IP.
Cloud SQL configures private services access for you when all the conditions below are true:
https://cloud.google.com/sql/docs/postgres/configure-private-services-access#before_you_begin
E:
You can enable Private Google access on a subnet level and any VMs on that subnet can access Google APIs by using their internal IP address.
https://cloud.google.com/vpc/docs/configure-private-google-access
It is difficult to understand why. In my opinion it should be ONLY E, or A and C both.
Enabling Private Google Access allows VM instances without public IPs to access Google APIs and services. While useful, it's not strictly necessary for Cloud SQL private connectivity if you already have the Service Networking API and private connection configured. However, enabling this can provide additional benefits for accessing other Google services.
Answer should be A&C.
There are different ways to consume and provide APIs and services in GCP:
https://cloud.google.com/vpc/docs/private-access-options#connect-google-apis
--- Private service connect
--- Private Google access
--- Private services access
Among all the given options, only A/C (Private services access) and E (Private Google access) are reasonable. As there have to be two answers, they can only be A and C. Also, Private Google access is enabled at the subnet level, not at the VPC level.
*For Private services access, its deployment involves the allocation of a specific internal CIDR in the local VPC and creation of a private connection between the local VPC and the service provider's VPC. This private connection is created using the Service Networking API.
https://cloud.google.com/vpc/docs/private-services-access
*For Private Google access, it applies to accessing the external IP of Google APIs and services from instances with only internal IP addresses
https://cloud.google.com/vpc/docs/private-google-access
I think the answer is A and C
To use private service access, enabling Service Networking API is required on the project as per https://cloud.google.com/service-infrastructure/docs/enabling-private-services-access
and it's required to create a private connection after enabling above API.
https://cloud.google.com/sql/docs/mysql/private-ip#application_environment_requirements
Please refer https://cloud.google.com/sql/docs/mysql/private-ip#requirements_for_private_ip
It clearly says that for configuring a Cloud SQL instance and accessing it privately we need private services access, and the Service Networking API must be enabled; hence A and C are correct
a service
To access Cloud SQL from VPC instances without public IP addresses, you need to enable Private Google Access on the subnet where the instances are located. Private Google Access allows VMs without public IP addresses to reach Google APIs and services such as Cloud SQL using internal IP addresses.
In addition, you need to activate the Service Networking API in your project. This enables you to create a private connection to Cloud SQL using VPC Service Controls. With VPC Service Controls, you can create a private connection between your VPC network and Cloud SQL without requiring an external IP address.
Option B is incorrect because Cloud Datastore is a NoSQL document database that is not related to Cloud SQL.
Option C is incorrect because creating a private connection to a service producer is not necessary to access Cloud SQL from VPC instances without public IP addresses.
Option D is also incorrect because creating a custom static route is not necessary to access Cloud SQL from VPC instances without public IP addresses.
You need to read about service producer network with private access.
https://cloud.google.com/vpc/docs/private-services-access#:~:text=Service%20producer%20network,-On%20the%20service&text=The%20service%20producer's%20network%20is,resources%20in%20your%20VPC%20network.
It's A&C here is the link that shows that:
https://cloud.google.com/sql/docs/mysql/configure-private-ip
You must enable the Service Networking API for your project.
Private services access
When you create a new VPC network in your project, you need to configure private services access to allocate an IP address range and create a private service connection. This allows resources in the VPC network to connect to Cloud SQL instances.
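The setup that the A & C answers describe (enable the Service Networking API, allocate an internal range, create the private connection), as an added example that is not part of any post in this thread. The project, network and range names are placeholder values.

```shell
#!/bin/sh
# Added example: private services access setup for Cloud SQL private IP.
# PROJECT, NETWORK, RANGE_NAME and PREFIX_LEN are placeholders (assumptions).
PROJECT="${PROJECT:-example-project}"
NETWORK="${NETWORK:-example-vpc}"
RANGE_NAME="${RANGE_NAME:-google-managed-services-example}"
PREFIX_LEN="${PREFIX_LEN:-16}"

# Dry-run by default: print each command. Set APPLY=1 to execute it.
# Arguments are passed as an argv list, never through eval.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_private_services_access() {
  # Option A: activate the Service Networking API in the project.
  run gcloud services enable servicenetworking.googleapis.com \
    --project="$PROJECT" || return 1
  # Allocate an internal range in the VPC for the service producer to use.
  run gcloud compute addresses create "$RANGE_NAME" --global \
    --purpose=VPC_PEERING --prefix-length="$PREFIX_LEN" \
    --network="$NETWORK" --project="$PROJECT" || return 1
  # Option C: create the private connection to the service producer.
  run gcloud services vpc-peerings connect \
    --service=servicenetworking.googleapis.com \
    --ranges="$RANGE_NAME" --network="$NETWORK" \
    --project="$PROJECT" || return 1
}

# List the private connections on the network to confirm the result.
verify_private_connection() {
  run gcloud services vpc-peerings list \
    --network="$NETWORK" --project="$PROJECT"
}

setup_private_services_access
verify_private_connection
```

Run it once without `APPLY=1` to review the exact commands before applying them to a project.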
C is definitely correct. Private services access requires a private connection. The links below state that the Service Networking API is required
Service Networking enables you to offer your managed services on internal IP addresses to service consumers. Service consumers use private services access to privately connect to your service.
The question is not mentioning the need of connecting to CloudSQL by its private ip, enabling Network Services API is mandatory for enabling Private Google Access, A&E are the ones.
I am confused between A&C and C&E.
Based on what the question said, "access to Cloud SQL from VPC with no public IP",
it should mean: a VM with only an internal IP needs access to Cloud SQL
Based on the PGA overview, example and its supported services, E is a suitable option at least.
https://cloud.google.com/vpc/docs/private-google-access
https://cloud.google.com/vpc/docs/private-google-access#example
https://cloud.google.com/vpc/docs/private-services-access#private-services-supported-services
And about option A, I only found following description:
"Service Networking enables you to offer your managed services on internal IP addresses to service consumers"
Based on my understanding, it seems to describe the case where the service (Cloud SQL) has an internal IP. That is different from what this question mentions.
I think C & E is better.
Sorry for my mistake, I am changing my answer to A & C.
Because:
Private Google Access enabled allows VM instances which only have internal IP addresses (no external IP addresses) to reach the external IP addresses of Google APIs and services.
AND
https://cloud.google.com/sql/docs/mysql/private-ip
C&E are the correct answers. A has nothing to do with this.
Network Service API - "Provides automatic management of network configurations necessary for certain services."
C - https://cloud.google.com/vpc/docs/private-services-access#service_producer_network
E - Configuring a Cloud SQL instance to use private IP requires private services access. Private services access lets you create private connections between your VPC network and the underlying Google service producer's VPC network - https://cloud.google.com/sql/docs/mysql/private-ip#allocated_ip_address_ranges
And regarding Cloud SQL, your understanding is wrong. Nothing is specified for Cloud SQL; the only thing that is mentioned in the question is that the VMs have no public IP address, as inferred from the question: "VPC instances without public IP addresses"
Option C is valid for Service Producers. The question doesn't say anything about external Service Producers, so we assume it's by Google. We don't need to create a private connection for connecting to Google SQL.
So I will go with A and E.