You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall. Which two actions should you take? (Choose two.)
A) Turn on Private Google Access at the subnet level.
B) Turn on Private Google Access at the VPC level.
C) Turn on Private Services Access at the VPC level.
D) Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
E) Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Question

Quizplus · Accepted Answer

The Answer of You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall. Which two actions should you take? (Choose two.)
A) Turn on Private Google Access at the subnet level.
B) Turn on Private Google Access at the VPC level.
C) Turn on Private Services Access at the VPC level.
D) Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
E) Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

You Are Using a Third-Party Next-Generation Firewall to Inspect Traffic