Exam Professional Cloud Architect topic 1 question 72 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 72
Topic #: 1

Your web application has several VM instances running within a VPC. You want to restrict communications between instances to only the paths and ports you authorize, but you don't want to rely on static IP addresses or subnets because the app can autoscale. How should you restrict communications?

  • A. Use separate VPCs to restrict traffic
  • B. Use firewall rules based on network tags attached to the compute instances
  • C. Use Cloud DNS and only allow connections from authorized hostnames
  • D. Use service accounts and configure the web application to authorize particular service accounts to have access
Suggested Answer: B

Comments

AWS56
Highly Voted 3 years, 9 months ago
Agree B
upvoted 24 times
kumarp6
2 years, 12 months ago
Yes B it is
upvoted 2 times
...
nitinz
2 years, 7 months ago
B is correct
upvoted 2 times
...
...
omermahgoub
Highly Voted 10 months, 1 week ago
B. Use firewall rules based on network tags attached to the compute instances.
To restrict communications between VM instances within a VPC without relying on static IP addresses or subnets, you can use firewall rules based on network tags attached to the compute instances. This will allow you to specify which instances are allowed to communicate with each other and on which paths and ports. You can then attach the relevant network tags to the compute instances when they are created, allowing you to control communication between the instances without relying on static IP addresses or subnets.
upvoted 13 times
omermahgoub
10 months, 1 week ago
Option A, using separate VPCs to restrict traffic, would not be a suitable solution because it would not allow the instances to communicate with each other, which is likely necessary for the functioning of the web application.
Option C, using Cloud DNS and only allowing connections from authorized hostnames, would not be a suitable solution because it would not allow you to control communication between the instances based on their IP addresses or other characteristics.
Option D, using service accounts and configuring the web application to authorize particular service accounts to have access, would not be a suitable solution because it would not allow you to control communication between the instances based on their IP addresses or other characteristics.
upvoted 5 times
...
...
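The tag-based approach discussed in this thread, as an added example that is not part of the original discussion: instance templates stamp a tag on every autoscaled VM, and ingress rules select source and target by tag instead of by IP range. The network, subnet, region, tag names and ports are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: tag-based VPC firewall rules for an autoscaled web -> app -> db stack.
# Assumed names (not from the page): app-vpc, app-subnet, us-central1,
# tags web/app/db, ports 8080 and 5432.
# Dry run by default (commands are printed); set APPLY=1 to execute them with gcloud.
NETWORK="${NETWORK:-app-vpc}"
SUBNET="${SUBNET:-app-subnet}"
REGION="${REGION:-us-central1}"

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# tier_template TAG: instance template whose instances all carry TAG, so every
# VM a managed instance group adds while autoscaling is matched by the rules.
tier_template() {
  run gcloud compute instance-templates create "$1-template" \
    --region="$REGION" --network="$NETWORK" --subnet="$SUBNET" --tags="$1"
}

# allow_between NAME SOURCE_TAG TARGET_TAG RULES: ingress rule selected by
# tags, with no IP range or subnet anywhere in the rule.
allow_between() {
  run gcloud compute firewall-rules create "$1" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --source-tags="$2" --target-tags="$3" --rules="$4"
}

plan() {
  tier_template web
  tier_template app
  tier_template db
  allow_between web-to-app web app tcp:8080
  allow_between app-to-db  app db  tcp:5432
  # Nothing allows web -> db: in a VPC you created yourself, the implied
  # deny-ingress rule drops it. The "default" network also ships with
  # default-allow-internal, which must be deleted for these rules to restrict
  # anything.
}

plan
```

Network tags can be changed by anyone with permission to edit the instance, so the set of principals holding that permission is part of this control.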
SureshbabuK
Most Recent 11 months ago
Selected Answer: B
Access to specific ports and protocols can be controlled only by a firewall rule, hence B is correct. D is not correct, as a service account is used to authenticate and authorize a specific machine to a resource or service, not ports and protocols.
upvoted 4 times
...
megumin
11 months, 3 weeks ago
Selected Answer: B
B is ok
upvoted 1 times
...
AzureDP900
1 year ago
B is the best option.
upvoted 1 times
...
abirroy
1 year, 1 month ago
Selected Answer: B
Use firewall rules based on network tags attached to the compute instances
upvoted 2 times
...
alexandercamachop
1 year, 1 month ago
The secret is "paths and ports", which tells us firewall is our only option.
upvoted 5 times
medi01
6 months, 1 week ago
And how does a firewall restrict "paths", pretty please?
upvoted 5 times
...
...
cbarg
1 year, 3 months ago
Selected Answer: B
B Firewall rules to restrict traffic
upvoted 1 times
...
haroldbenites
1 year, 10 months ago
Go for B.
upvoted 2 times
...
vincy2202
1 year, 11 months ago
B is the right answer
upvoted 2 times
...
MaxNRG
1 year, 12 months ago
B – use firewall rules based on network tags attached to the compute instances. This answer avoids using IPs, which are replaced by tags.
upvoted 3 times
...
MamthaSJ
2 years, 3 months ago
Answer is B
upvoted 4 times
...
areza
2 years, 4 months ago
B is ok
upvoted 1 times
...
victory108
2 years, 5 months ago
B. Use firewall rules based on network tags attached to the compute instances
upvoted 2 times
...
Ausias18
2 years, 6 months ago
Answer is B
upvoted 1 times
...
lynx256
2 years, 7 months ago
B is ok
upvoted 1 times
...
Vika
2 years, 8 months ago
Agree B
upvoted 1 times
...