0
0
GCPcloud~20 mins

Private Google Access in GCP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
πŸŽ–οΈ
Private Google Access Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
What does enabling Private Google Access on a subnet allow?

Consider a Google Cloud subnet with Private Google Access enabled. What capability does this feature provide to VM instances in that subnet?

AVMs can access the internet directly without any firewall rules.
BVMs can access Google APIs and services using internal IPs without external IP addresses.
CVMs can only access Google APIs if they have external IP addresses assigned.
DVMs can communicate with other VMs in different projects without VPN.
Attempts:
2 left
πŸ’‘ Hint

Think about how VMs without external IPs can still reach Google services.

❓ Architecture
intermediate
2:00remaining
Which architecture supports Private Google Access for on-premises resources?

You want on-premises servers to access Google APIs privately without using public internet. Which architecture supports this?

ASet up Cloud VPN or Cloud Interconnect with a VPC subnet that has Private Google Access enabled.
BAssign external IPs to on-premises servers and access Google APIs over the internet.
CUse a public NAT gateway in the VPC to route traffic from on-premises to Google APIs.
DConfigure on-premises servers to use Google Cloud DNS only.
Attempts:
2 left
πŸ’‘ Hint

Think about private connectivity options between on-premises and GCP.

❓ security
advanced
2:00remaining
What security risk exists if Private Google Access is enabled but firewall rules are too permissive?

If Private Google Access is enabled on a subnet but firewall rules allow all egress traffic, what is a potential security risk?

AVMs will lose internal network connectivity.
BVMs will be unable to access Google APIs due to firewall blocking.
CVMs might access unauthorized external internet services, bypassing intended restrictions.
DPrivate Google Access will disable all firewall rules automatically.
Attempts:
2 left
πŸ’‘ Hint

Consider what happens if egress traffic is not controlled.

❓ service_behavior
advanced
2:00remaining
What happens if Private Google Access is disabled on a subnet with VMs lacking external IPs?

VMs in a subnet do not have external IP addresses. Private Google Access is disabled. What is the expected behavior when these VMs try to reach Google APIs?

AVMs cannot reach Google APIs because they lack external IPs and Private Google Access is off.
BVMs reach Google APIs through internal IP routing automatically.
CVMs access Google APIs via a default NAT gateway without Private Google Access.
DVMs can access Google APIs only if firewall rules allow all egress.
Attempts:
2 left
πŸ’‘ Hint

Think about how VMs without external IPs connect to Google services.

βœ… Best Practice
expert
3:00remaining
Which is the best practice to securely enable Private Google Access for multiple projects in an organization?

You manage multiple GCP projects in an organization. You want to enable Private Google Access securely and consistently across projects. What is the best practice?

AUse Cloud NAT in each project and disable Private Google Access.
BEnable Private Google Access individually on each project’s subnet without central control.
CAssign external IPs to all VMs and disable Private Google Access to simplify management.
DUse Shared VPC with centrally managed subnets having Private Google Access enabled and restrict IAM roles accordingly.
Attempts:
2 left
πŸ’‘ Hint

Consider centralized network management and security controls.