Crucial Exams

GCP Professional Cloud Architect Practice Question

Your company operates several hundred Compute Engine VMs inside a custom VPC network that uses the 10.10.0.0/16 CIDR and has no external IP addresses or Cloud NAT gateway. Security policy requires that traffic from these VMs to a new Cloud SQL for PostgreSQL instance must stay on Google's private backbone and use only RFC 1918 addresses. The network team also wants to avoid maintaining custom static routes if additional subnets are added to the VPC in the future. Which design meets all requirements?

  • Establish Cloud VPN tunnels from each Compute Engine VM to the regional Cloud SQL endpoint and block all other internet-bound traffic with firewall rules.

  • Reserve an unused /24 prefix in the VPC, create a private services access connection, and provision the Cloud SQL instance with a private IP in that range so that Google automatically peers the VPCs and advertises routes.

  • Create VPC Network Peering between the production VPC and the default VPC in the same project, then manually add custom static routes for each new subnet to reach Cloud SQL's public IP.

  • Enable Cloud NAT for the VPC and create the Cloud SQL instance with a public IP; restrict outbound firewall rules to allow only the Cloud SQL address.

GCP Professional Cloud Architect
Managing and provisioning a solution infrastructure
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot