GCP Professional Cloud Security Engineer Practice Question
Your security architecture requires VM workloads in your production VPC to call a third-party fraud-detection service hosted in a separate Google Cloud project. Traffic must remain on Google's private backbone, the service cannot expose a public IP, and VPC Network Peering is impossible because the networks overlap. The provider also wants to avoid updating routes or firewall rules when new consumer projects onboard. Which design meets these needs?
Assign an external IP address to the provider's load balancer and have consumers reach the service over HTTPS through Cloud Armor-protected endpoints.
Create a Private Service Connect endpoint in every consumer VPC that points to the provider's service attachment published behind an internal load balancer.
Configure Cloud VPN tunnels from each consumer VPC to the provider VPC and advertise the service subnet with dynamic routing.
Establish VPC Network Peering between each consumer VPC and the provider VPC, then expose the service through an internal TCP load balancer.
Private Service Connect lets a service producer publish a service attachment behind an internal load balancer. Each consumer project creates its own PSC endpoint, allocates a regional internal IP, and privately reaches the service over Google's backbone-no public IPs or peering required. Because consumer traffic appears as ordinary egress, the producer avoids per-consumer route or firewall updates. Peering, Cloud VPN, or an external load balancer would violate the overlapping-CIDR or private-backbone constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Private Service Connect (PSC)?
Open an interactive chat with Bash
Why is VPC Network Peering not suitable for overlapping CIDR ranges?
Open an interactive chat with Bash
How does Private Service Connect avoid per-consumer route and firewall updates?
Open an interactive chat with Bash
What is Private Service Connect (PSC) in Google Cloud?
Open an interactive chat with Bash
Why is VPC Network Peering not suitable when networks overlap?
Open an interactive chat with Bash
How does Private Service Connect simplify onboarding for multiple consumer projects?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .