GCP Professional Cloud Security Engineer Practice Question
Within a single Google Cloud organization you have configured project-net-host as a Shared VPC host. It exports a VPC that contains two subnets in the same region. Compute Engine instances from service project alpha use subnet-a, while instances from service project beta use subnet-b. The security team requires that the two groups of VMs communicate only over their internal IP addresses, and none of the VMs should have external IPs. What is the most straightforward networking configuration to satisfy this requirement?
Rely on the existing Shared VPC; create host-level firewall rules that permit the required internal traffic and launch the VMs without external IP addresses.
Create reciprocal Private Service Connect endpoints so each subnet can reach the other without using public IP addresses.
Establish VPC Network Peering between the two service projects and keep the default firewall configuration.
Set up redundant Cloud VPN tunnels with Cloud Routers between the service projects to carry internal traffic securely.
Because both service projects attach their VM network interfaces directly to subnets that belong to the same Shared VPC, Google Cloud automatically provides internal routing between those subnets. No additional peering, VPN, or Private Service Connect configuration is necessary. You simply have to ensure that the VMs are created without external IP addresses and that the host-project firewall rules allow the desired inter-subnet traffic. Creating VPC Network Peering, Cloud VPN tunnels, or Private Service Connect endpoints would add needless complexity and cost because they solve problems that Shared VPC already addresses natively.
GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection