Domain 3: Designing for Security and Compliance — GCP PCA Practice Question 42

How to approach this question

Understand how private VMs reach Google APIs (Private Google Access) and how VPC SC perimeters work (the VPC must be inside the perimeter).

Full Answer

B,E

To securely access Google APIs from private VMs, you must enable Private Google Access on the subnet. This routes traffic to Google APIs internally. When VPC Service Controls is enabled, it blocks access to services like Cloud Storage. To allow the private VMs to access the storage, the VPC network hosting the VMs must be explicitly added to the VPC SC perimeter. This creates a trusted boundary containing both the VMs and the Storage buckets.

Common mistakes

Thinking Cloud NAT is required (C). Cloud NAT is for reaching third-party internet sites. Google APIs are reached internally via Private Google Access.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 3

More questions from this exam