ExpertHard1 markMultiple Choice
GCP ACE · Question 30 · Domain 3.5: Deploying and implementing networking resources
You have Compute Engine instances in a VPC subnet that do not have external IP addresses. They need to download software updates from the internet. Which TWO resources must you configure to allow this outbound traffic securely? (Select TWO)
You have Compute Engine instances in a VPC subnet that do not have external IP addresses. They need to download software updates from the internet. Which TWO resources must you configure to allow this outbound traffic securely? (Select TWO)
Answer options:
A.
Cloud NAT
B.
Cloud VPN
C.
Cloud Router
D.
Identity-Aware Proxy (IAP)
E.
External HTTP(S) Load Balancer
How to approach this question
Identify the service that provides outbound internet access for private VMs, and the underlying routing component it requires.
Full Answer
Cloud NAT
Cloud Router
Cloud NAT allows Compute Engine instances without external IP addresses to access the internet for updates and patching. Cloud NAT is a distributed, software-defined managed service. It requires a Cloud Router to be configured in the same region to manage the NAT gateway.
Common mistakes
Selecting IAP, which is used to SSH into private VMs, but doesn't give the VMs internet access.
Practice the full GCP Associate Cloud Engineer Practice Exam 1
50 questions · hints · full answers · grading
More questions from this exam
Q01What is the highest level of the Google Cloud resource hierarchy?EasyQ02You need to enable the Compute Engine API in a new project using the command line. Which command ...EasyQ03You are setting up a new GCP environment. You need to grant a group of developers access to view ...MediumQ04You want to receive an email notification when your GCP spending exceeds $1000 this month. What s...EasyQ05You need to analyze your GCP billing data using complex SQL queries to understand cost trends acr...Medium