Exam Professional Cloud Developer topic 1 question 3 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 3
Topic #: 1

You are planning to migrate a MySQL database to the managed Cloud SQL database for Google Cloud. You have Compute Engine virtual machine instances that will connect with this Cloud SQL instance. You do not want to whitelist IPs for the Compute Engine instances to be able to access Cloud SQL.
What should you do?

  • A. Enable private IP for the Cloud SQL instance.
  • B. Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.
  • C. Create a role in Cloud SQL that allows access to the database from external instances, and assign the Compute Engine instances to that role.
  • D. Create a CloudSQL instance on one project. Create Compute engine instances in a different project. Create a VPN between these two projects to allow internal access to CloudSQL.
Suggested Answer: A

Comments

emmet
Highly Voted 4 years, 6 months ago
The proposed answer seems incorrect, as according to the question the application accessing Cloud SQL runs on Compute Engine, and there are no roles in Cloud SQL itself to manage instance-level access control. According to https://cloud.google.com/sql/docs/mysql/connect-compute-engine there are 3 possible ways to connect from Compute Engine: 'Private IP', 'Public IP', 'Cloud SQL Proxy'. There is no 'Cloud SQL Proxy' option in the answers, and 'Public IP' requires IP whitelisting, which is unacceptable according to the question, so the only valid answer is 'Private IP'.
upvoted 26 times
...
peetzthanatip
Highly Voted 4 years ago
The answer is A.
upvoted 9 times
...
__rajan__
Most Recent 1 month, 4 weeks ago
Selected Answer: A
Enabling private IP allows the Compute Engine instances and the Cloud SQL instance to communicate over a private, internal network within Google Cloud Platform (GCP), rather than relying on external IP whitelisting.
upvoted 1 times
...
santoshchauhan
1 month, 4 weeks ago
Selected Answer: A
Selecting Answer A, "Enable private IP for the Cloud SQL instance," is the most efficient and secure method to allow your Google Compute Engine virtual machine instances to connect with a managed Cloud SQL database without the need to whitelist IP addresses. This approach involves configuring the Cloud SQL instance to use a private IP address that is accessible within your Google Cloud Platform (GCP) network. This setup ensures that your Compute Engine instances can securely connect to the Cloud SQL database over Google's private network, providing a high level of security as the database isn't exposed to the public internet. It simplifies the network configuration and avoids the management overhead and security risks associated with maintaining an IP whitelist.
upvoted 1 times
...
omermahgoub
1 year, 10 months ago
These are the options you can use to connect a Cloud SQL instance to a Compute Engine instance:
1. Private IP: You can use the private IP of the Cloud SQL instance to connect to it from the Compute Engine instance. This requires that the Cloud SQL instance and the Compute Engine instance are in the same VPC network.
2. Public IP: You can use the public IP of the Cloud SQL instance to connect to it from the Compute Engine instance. This requires that the Cloud SQL instance is configured to allow connections from the public IP of the Compute Engine instance.
upvoted 3 times
omermahgoub
1 year, 10 months ago
3. Cloud SQL Auth proxy: The Cloud SQL Auth proxy is a tool that allows you to connect to Cloud SQL instances from external applications. To use the Cloud SQL Auth proxy, you need to install it on the Compute Engine instance and use it to establish a connection to the Cloud SQL instance.
4. Cloud SQL Auth proxy Docker image: The Cloud SQL Auth proxy Docker image is a Docker image that contains the Cloud SQL Auth proxy. You can use this Docker image to run the Cloud SQL Auth proxy in a Docker container on the Compute Engine instance. This allows you to easily deploy and manage the Cloud SQL Auth proxy on the Compute Engine instance.
upvoted 3 times
omermahgoub
1 year, 10 months ago
And of course, you can enable private IP on a Cloud SQL instance on Google Cloud Platform (GCP). Private IP allows you to access a Cloud SQL instance from within the same VPC network, without the need to use a public IP or whitelist IP addresses. To enable private IP on a Cloud SQL instance, you need to do the following:
1. Create a VPC network: First, you need to create a VPC network in which the Cloud SQL instance and the Compute Engine instance will be placed.
2. Create a Cloud SQL instance: Next, you need to create a Cloud SQL instance and specify the VPC network that you created in step 1 as the network for the Cloud SQL instance.
3. Enable private IP: Finally, you can enable private IP on the Cloud SQL instance by going to the "Networking" tab in the Cloud SQL instance's configuration page and selecting the "Private IP" option.
Once you have enabled private IP on the Cloud SQL instance, you can access it from the Compute Engine instance using the private IP of the Cloud SQL instance. Answer is A.
upvoted 1 times
...
...
...
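An added example (not part of the thread and not Google's own tooling): a small audit that reports which of the connection paths discussed above (private IP, public IP with an IP allowlist) each instance exposes. It assumes instance JSON shaped like the Cloud SQL Admin API resources printed by `gcloud sql instances list --format=json`; the instance names, project and addresses in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like Cloud SQL Admin API instance resources.
SAMPLE = json.loads("""
[
  {"name": "orders-private",
   "settings": {"ipConfiguration": {
       "ipv4Enabled": false,
       "privateNetwork": "projects/example-project/global/networks/app-vpc"}},
   "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.20.0.3"}]},
  {"name": "legacy-allowlist",
   "settings": {"ipConfiguration": {
       "ipv4Enabled": true,
       "authorizedNetworks": [{"name": "vm-1", "value": "203.0.113.10/32"}]}},
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "198.51.100.7"}]},
  {"name": "wide-open",
   "settings": {"ipConfiguration": {
       "ipv4Enabled": true,
       "privateNetwork": "projects/example-project/global/networks/app-vpc",
       "authorizedNetworks": [{"value": "0.0.0.0/0"}]}},
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "198.51.100.8"},
                   {"type": "PRIVATE", "ipAddress": "10.20.0.4"}]}
]
""")

def audit_instance(inst):
    """Return (connection_mode, findings) for one instance resource."""
    ipcfg = inst.get("settings", {}).get("ipConfiguration", {})
    public = bool(ipcfg.get("ipv4Enabled"))       # public IP assigned
    private = bool(ipcfg.get("privateNetwork"))   # VPC attached for private IP
    allowlist = ipcfg.get("authorizedNetworks", []) if public else []
    findings = []
    for net in allowlist:
        cidr = ipaddress.ip_network(net["value"], strict=False)
        if cidr.prefixlen == 0:
            findings.append(f"allowlist {cidr} admits any address")
        else:
            findings.append(f"allowlist entry {cidr} must be maintained")
    if public and not allowlist:
        findings.append("public IP, empty allowlist: clients need the Cloud SQL Auth proxy")
    mode = {(False, True): "private-only", (True, True): "private+public",
            (True, False): "public-only"}.get((public, private), "no-ip")
    return mode, findings

def audit(instances):
    """Map instance name -> (connection_mode, findings)."""
    return {inst["name"]: audit_instance(inst) for inst in instances}
```

Only the `private-only` result matches the requirement in the question: no public address and no allowlist to maintain.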
tomato123
2 years, 3 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
ruben82
2 years, 6 months ago
Selected Answer: A
The question is about "connection". Role assignment gives a set of permissions to Compute Engine but doesn't allow connection.
upvoted 2 times
...
[Removed]
2 years, 6 months ago
The best way would be to connect the compute engine instance to cloud sql with Cloud SQL Auth Proxy (https://cloud.google.com/sql/docs/mysql/roles-and-permissions#proxy-roles-permissions). But the way that C is phrased makes me think that A is correct "...you can use the default Compute Engine service account associated with the Compute Engine instance. As with all accounts connecting to a Cloud SQL instance, the service account must have the Cloud SQL > Client role."
upvoted 1 times
...
jcataluna
2 years, 9 months ago
Selected Answer: A
Right answer is A. Agree with emmet.
upvoted 1 times
...
ParagSanyashiv
2 years, 10 months ago
Answer should be A
upvoted 1 times
...
chelovalpo
2 years, 12 months ago
The answer is A. Private IP allows the connection between gce and cloudsql; on the other hand, it isn't possible to access cloudsql from gce through roles without public IP with firewall rules, private IP or cloudproxy.
upvoted 2 times
...
SuperNest
3 years, 2 months ago
Personally I agree with option C; using a private IP will allow all Compute Engine instances to access the database. What if not all of the compute instances within the same VPC are allowed?
upvoted 1 times
ruben82
2 years, 6 months ago
But the question is about connection. If you assign a role to Compute Engine, it'll have the permission to use Cloud SQL, but that won't allow it to connect to it.
upvoted 1 times
...
...
wilwong
3 years, 4 months ago
agree C
upvoted 1 times
wilwong
3 years, 4 months ago
Sorry, the answer is A.
upvoted 1 times
...
...
yuchun
3 years, 5 months ago
The answer is A.
upvoted 1 times
...
syu31svc
3 years, 5 months ago
https://cloud.google.com/sql/docs/mysql/connect-compute-engine#connect-gce-private-ip Answer is A given the options presented
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other