ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 243 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 243
Topic #: 1
[All Professional Cloud Security Engineer Questions]

An administrative application is running on a virtual machine (VM) in a managed group at port 5601 inside a Virtual Private Cloud (VPC) instance without access to the internet currently. You want to expose the web interface at port 5601 to users and enforce authentication and authorization Google credentials.

What should you do?

  • A. Configure the bastion host with OS Login enabled and allow connection to port 5601 at VPC firewall. Log in to the bastion host from the Google Cloud console by using SSH-in-browser and then to the web application.
  • B. Modify the VPC routing with the default route point to the default internet gateway. Modify the VPC Firewall rule to allow access from the internet 0.0.0.0/0 to port 5601 on the application instance.
  • C. Configure Secure Shell Access (SSH) bastion host in a public network, and allow only the bastion host to connect to the application on port 5601. Use a bastion host as a jump host to connect to the application.
  • D. Configure an HTTP Load Balancing instance that points to the managed group with Identity-Aware Proxy (IAP) protection with Google credentials. Modify the VPC firewall to allow access from IAP network range.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by MisterHairy at Nov. 21, 2023, 11:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
glb2
7 months, 1 week ago
Selected Answer: D
D. Configuring an HTTP Load Balancing instance with Identity-Aware Proxy (IAP) protection ensures that access to the web interface at port 5601 is authenticated and authorized using Google credentials. IAP verifies user identity before allowing access to the backend service.
upvoted 2 times
...
PhuocT
8 months, 1 week ago
Selected Answer: D
D is the answer
upvoted 1 times
...
mjcts
8 months, 3 weeks ago
Selected Answer: B
The only viable option
upvoted 1 times
PhuocT
8 months, 1 week ago
How B could enforce authentication and authorization Google credentials?
upvoted 1 times
...
...
MisterHairy
11 months, 1 week ago
Selected Answer: D
The correct answer is D. Configure an HTTP Load Balancing instance that points to the managed group with Identity-Aware Proxy (IAP) protection with Google credentials. Modify the VPC firewall to allow access from IAP network range. This approach allows you to expose the web interface securely by using Identity-Aware Proxy (IAP), which provides authentication and authorization with Google credentials. The HTTP Load Balancer can distribute traffic to the VMs in the managed group, and the VPC firewall rule ensures that access is allowed from the IAP network range.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago