{"results":[{"id":"auto-mode-vpc-creates-slash-20-subnets","text":"Auto mode VPC networks automatically create one /20 subnet per region from the 10.128.0.0/9 block.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-armor-compensates-vpc-ingress-visibility-gap","text":"Cloud Armor's edge-first defense compensates for VPC-level ingress visibility gaps by filtering and logging malicious traffic at the Google Cloud edge before it reaches the VPC boundary where flow logs have systematic blind spots for denied ingress packets.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-armor-operates-at-edge","text":"Cloud Armor operates at the Google Cloud edge, filtering traffic before it reaches backend resources or enters VPC networks.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-dns-shared-vpc-zones-in-host-project","text":"Shared VPC private/forwarding/peering zones must be created in the host project (or use cross-project binding in service projects).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-nat-private-nat-overlapping-ip-ranges","text":"Private NAT addresses the overlapping IP range problem between VPC networks, using NCC spokes for connectivity.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-nat-serverless-requires-vpc-egress","text":"Serverless resources (Cloud Run, Cloud Run functions, App Engine) require Direct VPC egress or Serverless VPC Access to use Cloud NAT.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-nat-software-defined-regional-gateway","text":"Cloud NAT is a software-defined regional gateway on Cloud Router (not proxy VMs), routing internet egress while directing Google API traffic through Private Google Access instead, and requiring VPC egress configuration for serverless resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudbuild-private-pool-vpc-peering-access","text":"Cloud Build private pools connect to customer VPC networks via VPC peering (private services access) to reach private resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-direct-vpc-egress-more-ip-addresses","text":"Direct VPC egress uses more IP addresses than Serverless VPC Access connectors in most cases.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-direct-vpc-egress-network-tags-per-service","text":"Direct VPC egress supports network tags per service/job revision for fine-grained firewall rules; connectors share tags across all services using the same connector.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-direct-vpc-egress-recommended","text":"Direct VPC egress is the recommended method for Cloud Run outbound traffic to a VPC, requiring no connector VMs, with lower latency and scales to zero cost.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-internet-egress-requires-vpc-plus-nat-chain","text":"Cloud Run internet egress for VPC-connected workloads requires chaining two regional constructs: Direct VPC egress (preferred over connector VMs) for outbound-only VPC access, then Cloud NAT on Cloud Router for internet-bound traffic — neither alone is sufficient for serverless-to-internet connectivity.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-vpc-connector-uses-compute-engine-vms","text":"Serverless VPC Access connectors require provisioned Compute Engine VM instances that add cost and maintenance overhead.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-vpc-egress-direct-over-connector","text":"Cloud Run VPC egress should use Direct VPC egress over Serverless VPC Access connectors: direct egress requires no connector VMs (avoiding Compute Engine cost and maintenance), has lower latency, and both methods handle only outbound traffic.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudrun-vpc-egress-outbound-only","text":"Both Direct VPC egress and Serverless VPC Access connectors handle only outbound traffic from Cloud Run; inbound from VPC routes through a load balancer.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudsql-private-ip-inherits-peering-constraints","text":"Cloud SQL private IP connectivity inherits all VPC peering limitations: non-transitivity restricts multi-network reach, non-RFC1918 ranges need manual authorization, and the required private services access creates an implicit peering dependency.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudsql-private-ip-replica-inherits-peering","text":"A Cloud SQL replica inherits its private IP status and VPC peering configuration from the primary instance.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudsql-private-ip-requires-vpc","text":"Cloud SQL private IP connectivity requires a VPC network; public IP is internet-accessible.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudsql-private-ip-uses-private-services-access","text":"Cloud SQL private IP uses private services access to create private connections between a customer's VPC and Google's service producer VPC.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudsql-private-ip-vpc-peering-not-transitive","text":"VPC Network Peering used by Cloud SQL private IP is not transitive — only directly peered networks can communicate.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":110,"limit":20,"offset":0}