Exam Professional Cloud Security Engineer topic 1 question 134 discussion

I think the correct answer is D. It is mentioned in the question: "You are required to only use APIs that are supported by VPC Service Controls", from which we can understand that we cannot use private.googleapis.com. Hence, option A & C can be eliminated. API bundle with all-apis is mentioned in option B which is wrong as we want to use only those APIs supported by VPC service controls. Hence, option B can be eliminated. Option D has all the solutions we need. https://cloud.google.com/vpc/docs/private-service-connect An API bundle: All APIs (all-apis): most Google APIs (same as private.googleapis.com). VPC-SC (vpc-sc): APIs that VPC Service Controls supports (same as restricted.googleapis.com). VMs in the same VPC network as the endpoint (all regions) On-premises systems that are connected to the VPC network that contains the endpoint

Answer is D

"D" restricted.googleapis.com https://cloud.google.com/vpc-service-controls/docs/set-up-private-connectivity#procedure-overview

D- route from on prem

it's D

https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid Choose restricted.googleapis.com when you only need access to Google APIs and services that are supported by VPC Service Controls.

D. Use restricted googleapis.com to access Google APIs using a set of IP addresses only routable from within Google Cloud, which are advertised as routes over the Cloud Interconnect connection.

D is the answer. https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-choose-domain If you need to restrict users to just the Google APIs and services that support VPC Service Controls, use restricted.googleapis.com. Although VPC Service Controls are enforced for compatible and configured services, regardless of the domain you use, restricted.googleapis.com provides additional risk mitigation for data exfiltration. Using restricted.googleapis.com denies access to Google APIs and services that are not supported by VPC Service Controls.

D is answer, https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#supported-apis The all-apis bundle provides access to the same APIs as private.googleapis.com Choose vpc-sc when you only need access to Google APIs and services that are supported by VPC Service Controls. The vpc-sc bundle does not permit access to Google APIs and services that do not support VPC Service Controls. 1

Will agree with the others

Ans: D Note: If you need to restrict users to just the Google APIs and services that support VPC Service Controls, use restricted.googleapis.com. https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid