You are configuring network settings in your cloud environment. You've set up a custom route (0.0.0.0/0) to direct outgoing traffic to a third-party next-generation firewall for inspection. However, you want to exempt certain VPC instances without public IP addresses from being routed through the firewall when accessing the BigQuery and Cloud Pub/Sub APIs. What are two actions you should take? (Select two.)