GCP Professional Cloud Architect Practice Question
A SaaS provider hosts a multi-region Cloud SQL for PostgreSQL instance in a dedicated project ("database-host"). Each tenant team works in its own isolated project and VPC network. The provider wants every tenant to establish private connectivity to the shared Cloud SQL instance without introducing transitive network dependencies, while minimizing RFC 1918 address consumption and avoiding manual route exchange between projects. Which Google Cloud feature best satisfies these requirements?
Expose the Cloud SQL private address through an internal TCP/UDP load balancer and share it via a cross-project subnet.
Peer every tenant VPC with the database-host VPC using VPC Network Peering.
Create a Private Service Connect endpoint in each tenant VPC that targets the Cloud SQL service attachment in the database-host project.
Let tenants reach Cloud SQL over Cloud NAT using reserved public IP addresses mapped to the instance.
Private Service Connect lets each tenant create a private endpoint inside its own VPC subnet that forwards traffic directly to a producer service such as Cloud SQL in another project. Only the IP addresses that the tenant allocates for its endpoint are used, and no custom route exchange or VPC peering is required, eliminating transitive-routing concerns.
Cloud NAT supplies only outbound internet egress and cannot provide private east-west connectivity. Exposing Cloud SQL through an internal TCP/UDP load balancer would still require cross-project connectivity (for example, VPC peering or Shared VPC) and route management. VPC Network Peering would create broader, bidirectional connectivity between the VPCs and requires all networks to maintain non-overlapping RFC 1918 ranges while still lacking transitive routing, making it less scalable for many isolated tenant VPCs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Private Service Connect in Google Cloud?
Open an interactive chat with Bash
How does Private Service Connect address transitive routing concerns?
Open an interactive chat with Bash
Why is VPC Network Peering not suitable for this scenario?
Open an interactive chat with Bash
What is Private Service Connect?
Open an interactive chat with Bash
Why is VPC Network Peering not ideal for this use case?
Open an interactive chat with Bash
What is RFC 1918 address consumption and why is it important here?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Designing and planning a cloud solution architecture
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .