GCP Professional Cloud Architect Practice Question
A retailer runs a REST-based order-management application on-premises. A logistics partner must call this API from the public internet, but the security team requires that the backend remain reachable only over a private network. The company also needs per-partner request quotas, OAuth 2.0 enforcement, and detailed usage analytics-all without modifying the legacy application. You already operate workloads on Google Cloud and want to minimize ongoing operational effort. Which approach best meets these requirements?
Establish VPC Network Peering between the on-prem network and Google Cloud and share the private service address directly with the partner.
Expose the on-prem API through an external TCP load balancer with Cloud NAT; enforce quotas and OAuth in application code.
Deploy Apigee X in Google Cloud, connect its runtime to the on-prem API over Cloud VPN, and expose the Apigee-managed HTTPS endpoint to the partner.
Re-engineer the API as Cloud Functions behind Cloud Endpoints and retire the on-prem system.
Using Apigee X addresses every stated need. You can deploy Apigee's runtime in a Google-managed project and connect it privately to the on-premises API through Cloud VPN or Cloud Interconnect, ensuring the legacy service is never directly exposed to the internet. External partners call an Apigee-managed HTTPS endpoint, while Apigee policies provide OAuth 2.0 enforcement, partner-specific quota management, and rich usage analytics without any code changes. Re-implementing the API on Cloud Functions would require redevelopment effort and a full migration. Forwarding traffic with an external TCP load balancer plus Cloud NAT would still leave OAuth, quota enforcement, and analytics to be implemented in the application stack, increasing maintenance. VPC Network Peering cannot make a private address reachable to an external partner and offers no API management features. Therefore, the Apigee-based approach is the only solution that satisfies all security and governance requirements while keeping operational overhead low.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Apigee X and why is it suitable for API management?
Open an interactive chat with Bash
How does Cloud VPN ensure secure communication between Google Cloud and on-premises systems?
Open an interactive chat with Bash
What are the benefits of using OAuth 2.0 for API security?
Open an interactive chat with Bash
What is Apigee X and how does it work?
Open an interactive chat with Bash
How does Cloud VPN help connect on-premises to Google Cloud?
Open an interactive chat with Bash
What is OAuth 2.0 and why is it enforced in API management?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing and planning a cloud solution architecture
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .