Exam Professional Cloud Architect topic 4 question 6 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 6
Topic #: 4

For this question, refer to the EHR Healthcare case study. In the past, configuration errors put public IP addresses on backend servers that should not have been accessible from the Internet. You need to ensure that no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances. What should you do?

  • A. Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
  • B. Revoke the compute.networkAdmin role from all users in the project with front end instances.
  • C. Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
  • D. Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.
Suggested Answer: A 🗳️

Comments

rvopoqvmtlwdlzrqxr
Highly Voted 3 years, 2 months ago
A - configuration by Organization policy service
upvoted 23 times
...
Snowball998877
Highly Voted 2 years, 1 month ago
It's A. The following is from the Google page: "Using an Organization Policy, you can restrict external IP addresses to specific VMs with constraints to control use of external IP addresses for your VM instances within an organization or a project."
upvoted 8 times
...
Gino17m
Most Recent 5 months, 3 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
surajkrishnamurthy
1 year, 10 months ago
Selected Answer: A
A is the correct answer
upvoted 2 times
...
megumin
1 year, 11 months ago
Selected Answer: A
A is ok
upvoted 1 times
...
Mahmoud_E
2 years ago
Selected Answer: A
A is the clear answer as per Google recommendation
upvoted 2 times
...
AzureDP900
2 years ago
I will choose A
upvoted 1 times
...
chickennuggets
2 years, 2 months ago
Compute Network admin role info: https://cloud.google.com/compute/docs/access/iam#compute.networkAdmin I think it may be B
upvoted 1 times
...
chickennuggets
2 years, 2 months ago
D can't be right - A is closest per https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip There are some risks to not being able to create new MiG and GKE clusters
upvoted 1 times
...
andre123
2 years, 5 months ago
The question says "to ensure no one can put external IP addresses on backend Compute Engine instances and that external IP addresses can only be configured on frontend Compute Engine instances". I think D. What do you think?
upvoted 1 times
...
[Removed]
2 years, 9 months ago
Selected Answer: A
vote A
upvoted 2 times
...
OrangeTiger
2 years, 9 months ago
I think A is correct. https://cloud.google.com/blog/ja/products/identity-security/limiting-public-ips-google-cloud
upvoted 2 times
...
Pime13
2 years, 10 months ago
Selected Answer: A
A -> https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip
upvoted 3 times
...
[Removed]
2 years, 10 months ago
I'm not sure if A is correct. From the doc posted in the discussion (https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#disableexternalip); the organization policy only applies to created instances and won't apply if they're recreated. So it doesn't seem like an option that *prevents* the creation of non-public instances.
upvoted 1 times
[Removed]
2 years, 10 months ago
From that link: "Specifications You can only apply this list constraint to VM instances. You cannot apply the constraint retroactively. All VM instances that have external IP addresses before the policy is enabled retain their external IP address. This constraint accepts either an allowedList or a deniedList but not both in the same policy. It is up to you or an administrator with the required permissions to manage and maintain the instance lifecycle and integrity. The constraint only verifies the instance's URI, and it does not prevent the allowlisted VMs from being altered, deleted, or recreated."
upvoted 2 times
...
...
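Added example, not part of the original discussion or of Google's documentation: because the quoted specification says the constraint is not retroactive and matches only instance URIs, a defender would pair the allowlist with an audit of instances that already hold an external IP. The sketch below assumes inventory shaped like `gcloud compute instances list --format=json` output; the project, zone and instance names are hypothetical, and IPv6 access configs are not covered.

```python
import json

# Constructed sample inventory (hypothetical project/zone/instance names).
SAMPLE_INVENTORY = json.loads("""
[
 {"selfLink": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a/instances/frontend-1",
  "networkInterfaces": [{"networkIP": "10.0.0.2",
                         "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.10"}]}]},
 {"selfLink": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a/instances/backend-1",
  "networkInterfaces": [{"networkIP": "10.0.0.3",
                         "accessConfigs": [{"name": "External NAT", "natIP": "203.0.113.27"}]}]},
 {"selfLink": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a/instances/backend-2",
  "networkInterfaces": [{"networkIP": "10.0.0.4"}]}
]
""")

# Frontend instances that are permitted to hold an external IP (assumed list).
ALLOWED = ["projects/example-project/zones/us-central1-a/instances/frontend-1"]

def instance_uri(instance):
    """Reduce selfLink to the projects/.../zones/.../instances/... form the constraint matches."""
    link = instance["selfLink"]
    return link[link.index("projects/"):]

def external_ips(instance):
    """Every IPv4 access config counts, even if no natIP is currently assigned."""
    return [cfg.get("natIP", "<unassigned>")
            for nic in instance.get("networkInterfaces", [])
            for cfg in nic.get("accessConfigs", [])]

def audit(inventory, allowed):
    """Return {uri: [ips]} for instances holding an external IP outside the allowlist."""
    allowed = set(allowed)
    return {instance_uri(i): external_ips(i)
            for i in inventory
            if external_ips(i) and instance_uri(i) not in allowed}

def policy_document(allowed):
    """List-policy body for constraints/compute.vmExternalIpAccess (allowedValues only)."""
    return {"constraint": "constraints/compute.vmExternalIpAccess",
            "listPolicy": {"allowedValues": sorted(allowed)}}

if __name__ == "__main__":
    print(json.dumps(policy_document(ALLOWED), indent=2))
    for uri, ips in audit(SAMPLE_INVENTORY, ALLOWED).items():
        print("pre-existing external IP outside allowlist:", uri, ips)
```

Instances reported by `audit` keep their external IP after the policy is set and have to be remediated separately.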
pakilodi
2 years, 10 months ago
Selected Answer: A
Vote A
upvoted 1 times
...
joe2211
2 years, 11 months ago
Selected Answer: A
vote A
upvoted 8 times
...
[Removed]
3 years ago
A is right. D does not define any rule so it is not making any sense.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted