A company is deploying an internal load balancer (ILB) in a VPC to distribute traffic among backend instances in a managed instance group. The ILB should only be accessible from within the VPC. Which of the following is a required step when configuring the ILB?
The ILB's IP is allocated from a subnet in the same region.
Why this answer
An internal load balancer (ILB) in GCP requires a regional forwarding rule that routes traffic to backend instances within the same VPC. Specifying a subnet in the same region as the backend instances is mandatory because the ILB's internal IP address is allocated from that subnet, and the forwarding rule must reference a subnet to enable internal-only routing. Without a subnet, the ILB cannot be provisioned as an internal load balancer.
Exam trap
Google Cloud often tests the misconception that an internal load balancer requires an external IP or SSL termination, but the key requirement is specifying a subnet in the same region as the backends for internal IP allocation.
How to eliminate wrong answers
Option A is wrong because an internal load balancer uses an internal IP address, not an external one; assigning a static external IP would make it an external load balancer, which is not required for internal-only access. Option B is wrong because SSL certificates are only needed for HTTPS/SSL proxy load balancers, not for internal TCP/UDP load balancers, which operate at Layer 4 and do not terminate TLS. Option D is wrong because Cloud NAT is used to provide outbound internet access for instances without external IPs, but it is unrelated to inbound traffic distribution via an internal load balancer.