🔥 3-day streak
Professional Cloud Architect129 / 169
Question 129 of 169

A financial services company runs a fleet of Compute Engine VMs in a subnet with no external IP addresses for security compliance. These VMs must upload processed reports to Cloud Storage and pull secrets from Secret Manager, but all traffic to Google APIs must stay off the public internet and no Cloud NAT egress is permitted. What should the architect configure to enable this access?

Reviewed for accuracy · Report an issueNext question