Your organization has decided to restrict the use of external IP addresses on instances to only approved instances. You want to enforce this requirement across all of your Virtual Private Clouds (VPCs). What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list..
Why this is the answer
The correct solution is to set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess and list the approved instances in the allowedValues list. This Organization Policy constraint directly controls whether VMs can have external IP addresses, allowing for granular control at the organization, folder, or project level. By specifying allowedValues, you can precisely define which instances are permitted to have external IPs, enforcing the requirement across all VPCs effectively. Removing default routes or creating new VPCs/subnets with specific routes are network configuration changes that don't directly prevent the assignment of external IPs to instances, only their ability to reach the internet. A Cloud NAT solution allows instances without external IPs to egress to the internet, but it doesn't prevent an external IP from being assigned in the first place, which is the core requirement.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed