GCP Professional Cloud Architect Practice Question
Your organization processes regulated financial data, and the security team mandates that all CI/CD build jobs must run on compute resources that have no public IP addresses and can communicate only through your company's Shared VPC subnet. You want to keep using Google-managed CI/CD services rather than operate your own build cluster. Within Cloud Build, which capability best satisfies this requirement?
Configure Cloud Build to execute in a custom region that disallows external IP addresses.
Run builds in a Cloud Build private pool that is attached to your Shared VPC subnet.
Execute the build pipeline from Cloud Shell, which can access resources in your VPC.
Place the Cloud Build API inside a VPC Service Controls perimeter to block public egress.
Cloud Build private pools create build worker VMs inside a customer-specified VPC network and subnet. By default, these workers do not receive public IP addresses, so all egress and ingress stay within the private network unless you explicitly configure additional routes or Cloud NAT. Because Google manages the pool lifecycle, you avoid the operational overhead of patching or scaling build servers while still meeting the network-isolation mandate.
VPC Service Controls help mitigate data exfiltration risks but do not change where build worker VMs run or whether they have public IPs. Selecting a different Cloud Build region does not place workers in your VPC, and Cloud Shell sessions still run in Google-managed projects with internet-reachable addresses, so neither option meets the strict isolation requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are private pools in Cloud Build?
Open an interactive chat with Bash
What is a Shared VPC in Google Cloud?
Open an interactive chat with Bash
How does Cloud NAT work with private worker VMs in Cloud Build?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Ensuring solution and operations excellence
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .