Exam Professional Cloud Architect topic 1 question 150 discussion

Cloud NAT is the correct answer

** Admins: More than 60% of the answers you have selected are wrong. Please correct them ASAP. I must appreciate community here for taking out time to share their perspective and help fellow learners. "B" can never be an answer here as the Private Google Access enables internal access to Google APIs only whereas in question the ask is "access to third-party services on the internet"

Cloud NAT, Private Service Connect is for Google API Access.

Cloud NAT to access to the internet

It is A

Needs Nat to connect to 3rd party apps

B is only part of the solution, but needs Cloud Nat to get access on the internet with third-party services, then the correct answer is A . See doc: https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept

go for Cloud NAT

I am not sure who's writing these answers Private Google Access is useful for allowing Google Cloud resources, including GKE clusters, to access Google services without public IPs, but it doesn't provide access to third-party services on the internet.

Cloud NAT allows the resources in private subnet to access the internet—for updates, patching, config management, and more—in a controlled and efficient manner.

Selected Answer: A. Cloud NAT allows the resources in private subnet to access the internet—for updates, patching, config management, and more—in a controlled and efficient manner.

A. https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#workloads_on_private_clusters_unable_to_access_internet

Private Google Access allows resources in a VPC network to access Google Cloud services without an external IP address. By configuring the GKE cluster as a private cluster, the nodes and services inside the cluster will not have a public IP address, and only resources within the VPC network will be able to communicate with them. With Private Google Access enabled, the GKE cluster can access third-party services on the internet via Google APIs and services without requiring a public IP address. Therefore, the correct option is: B. Configure the GKE cluster as a private cluster. Configure Private Google Access on the Virtual Private Cloud (VPC).

answer should be "B" https://cloud.google.com/vpc/docs/private-access-options

A is the correct answer, Granting private nodes outbound internet access To provide outbound internet access for your private nodes, such as to pull images from an external registry, use Cloud NAT to create and configure a Cloud Router. Cloud NAT lets private clusters establish outbound connections over the internet to send and receive packets. The Cloud Router allows all your nodes in the region to use Cloud NAT for all primary and alias IP ranges. It also automatically allocates the external IP addresses for the NAT gateway. For instructions to create and configure a Cloud Router, refer to Create a Cloud NAT configuration using Cloud Router in the Cloud NAT documentation. https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#private-nodes-outbound

A is the correct answer

B is right,,, , https://cloud.google.com/vpc/docs/configure-private-google-access By default, when a Compute Engine VM lacks an external IP address assigned to its network interface, it can only send packets to other internal IP address destinations. You can allow these VMs to connect to the set of external IP addresses used by Google APIs and services by enabling Private Google Access on the subnet used by the VM's network interface. Private Google Access also allows access to the external IP addresses used by App Engine, including third-party App Engine-based services.