Domain 2: Managing and Provisioning a Solution Infrastructure — GCP PCA Practice Question 23

How to approach this question

Identify the managed service that provides outbound internet access for private instances.

Full Answer

B.Configure Cloud NAT for the private subnet.✓ Correct

Configure Cloud NAT for the private subnet.

Cloud NAT (Network Address Translation) is a fully managed service that allows VM instances without external IP addresses to connect to the internet. It provides outbound connectivity for updates and patches while blocking unsolicited inbound connections.

Common mistakes

Choosing Private Google Access (C). This is a very common trap. PGA only routes to Google services (like Cloud Storage), not the public internet.

You are designing a multi-tier application in Google Cloud. The web tier is in a public subnet, and the database tier is in a private subnet with no external IP addresses. The database instances need to download software updates from the internet. How should you configure this securely?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 4

More questions from this exam