You work for a bank with strict data governance requirements. You recently implemented a custom model to detect fraudulent transactions. You want your training code to download internal data by using an API endpoint hosted in your project’s network. You need the data to be accessed in the most secure way, while mitigating the risk of data exfiltration. What should you do?

A. Enable VPC Service Controls for peerings, and add Vertex AI to a service perimeter. B. Create a Cloud Run endpoint as a proxy to the data. Use Identity and Access Management (IAM) authentication to secure access to the endpoint from the training job. C. Configure VPC Peering with Vertex AI, and specify the network of the training job. D. Download the data to a Cloud Storage bucket before calling the training job.