exam questions

Exam Professional Cloud Architect All Questions

View all questions & answers for the Professional Cloud Architect exam

Exam Professional Cloud Architect topic 1 question 53 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 53
Topic #: 1
[All Professional Cloud Architect Questions]

You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public internet. What should you do?

  • A. Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
  • B. Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database.
  • C. Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
  • D. Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
MyPractice
Highly Voted 4 years, 12 months ago
Agree with D - "When to choose the flexible environment" "Accesses the resources or services of your Google Cloud project that reside in the Compute Engine network." https://cloud.google.com/appengine/docs/the-appengine-environments
upvoted 54 times
AWS56
4 years, 11 months ago
Why not B ? https://cloud.google.com/appengine/docs/flexible/python/using-third-party-databases
upvoted 7 times
areza
3 years, 6 months ago
because app engine standard cant connect to on-prem db
upvoted 29 times
VSMu
1 year, 10 months ago
Where does it say appengine cannot connect to on-prem db? With CloudVPN, it shoudl connect as per this https://cloud.google.com/appengine/docs/flexible/storage-options#on_premises Also going with D will require app to be containerized. That is not listed in the requirement.
upvoted 6 times
Cloudcrawler
1 year, 4 months ago
This is the link for Standard Env https://cloud.google.com/appengine/docs/standard/storage-options Both standard and Flexible can connect to a VPC with Serverless VPC connector. Once it connects to a VPC, connecting to onprem is same for any service.
upvoted 4 times
jrisl1991
1 year, 2 months ago
I just had the same confusion. Serverless VPC Connector is something relatively newer than this question on the exam, so probably it's safer to assume that a VPC connection is not supported (at least directly) by App Engine Standard. Besides, this would add extra overhead, and would also increase the costs for the solution. Most of these questions haven't been updated or repurposed according to newer products and services. For this particular question, using a Serverless VPC Connector would add unnecessary complexity and the solution would become more expensive. I swore to god it was B lol, but after a few hours of reading the documentation, I changed my mind and switched to option D. You might want to do the same.
upvoted 4 times
...
...
...
...
elaineshi
2 years, 6 months ago
Isn't the question said "not public internet access"?
upvoted 2 times
mnsait
7 months, 1 week ago
Yes, that phrase in the question bothers me too. However, when I check this: https://cloud.google.com/appengine/docs/flexible/storage-options#:~:text=On%20premises,-If%20you%20have&text=Because%20App%20Engine%20and%20Compute,database%20server's%20internal%20IP%20address. it says "If you have existing on-premises databases that you want to make accessible to your App Engine app, you can either configure your internal network and firewall to give the database a public IP address or connect using a VPN." So I think the question should have skipped the words "not public internet access" if they want us to choose VPN.
upvoted 2 times
...
...
haroldbenites
3 years ago
In a forum mentions that GCE and CAP flex are designed for connect to VPC . With GAP standard is needed a proxy . https://stackoverflow.com/questions/47537204/how-to-connect-app-engine-and-on-premise-server-through-vpn
upvoted 5 times
...
...
...
jcmoranp
Highly Voted 5 years, 1 month ago
Right is D: https://stackoverflow.com/questions/37137914/is-it-possible-to-use-google-app-engine-with-google-cloud-vpn
upvoted 18 times
amxexam
2 years, 7 months ago
Question is can we restrict acess with VP N ?
upvoted 5 times
moiradavis
2 years, 5 months ago
The stackoverflow reference if older that the answer (6 years) I think that has changed.
upvoted 1 times
...
...
...
deep316
Most Recent 1 week, 4 days ago
Selected Answer: D
Standard requires more setup compared to Flexible. Standard Environment: To connect from the standard environment, you primarily use "Serverless VPC Access" which allows your App Engine app to reach your VPC network over private IP addresses without exposing it directly to the public internet. Flexible Environment: In the flexible environment, you can directly connect to your VPC network by deploying your app within the same VPC as your Cloud VPN gateway, enabling a more seamless connection using the private IP addresses of your network resources.
upvoted 1 times
...
Nimeshv
2 weeks, 4 days ago
Selected Answer: D
App Engine Standard Environment: Limited Customization: It runs on predefined runtime environments with limited flexibility. No Access to Compute Engine Network: It does not support integration with the VPC network, which is necessary for setting up VPN connections. App Engine Flexible Environment: Customizable Runtimes: Allows you to run custom runtimes and use your own Docker containers. VPC Integration: Fully supports VPC networking, enabling you to set up Cloud VPN to securely connect to your on-premises database. Greater Flexibility: More control over the instance types, scaling, and networking options.
upvoted 2 times
...
desertlotus1211
2 weeks, 4 days ago
Selected Answer: D
Per google: For using Cloud VPN, App Engine Flexible is generally considered better than App Engine Standard because it offers more customization and control over your virtual machine environment, allowing you to configure network settings and access on-premises resources more easily through the VPN Answer is D
upvoted 1 times
...
desertlotus1211
3 weeks, 6 days ago
Selected Answer: D
The answer is BOTH B&D... Answer: BD I'm not sure what is the point of the question or the problem. The standard environment can scale from zero instances up to thousands very quickly. In contrast, the flexible environment must have at least one instance running for each active version and can take longer to scale out in response to traffic. Standard environment uses a custom-designed autoscaling algorithm. But the question doesn't address this.
upvoted 1 times
desertlotus1211
3 weeks, 6 days ago
Sorry I have to mark an answer. I wanted to choose B&D, but it won't let me
upvoted 1 times
...
...
icarogsm
1 month ago
Selected Answer: D
D, just App Engine Flex can connect to onprem.
upvoted 1 times
...
Ekramy_Elnaggar
1 month ago
Selected Answer: D
The flexible environment gives you more control over the networking configuration of your application. This is crucial for setting up a secure connection to your on-premises database.
upvoted 1 times
...
yocixim836
1 month, 1 week ago
Selected Answer: B
https://cloud.google.com/appengine/docs/standard/storage-options#on_premises
upvoted 2 times
...
dpttpd
2 months ago
Selected Answer: B
https://cloud.google.com/appengine/docs/standard/storage-options#on_premises
upvoted 2 times
...
raghupothula
3 months ago
B and C are not appropriate and wherein in App Engine flex resources reside in VPC NEtwo https://cloud.google.com/appengine/docs/the-appengine-environments#app-engine-environments D
upvoted 1 times
...
maxdanny
3 months, 2 weeks ago
Selected Answer: D
App Engine flexible environment provides more flexibility and supports VPC (Virtual Private Cloud) connectivity, which allows you to set up a Cloud VPN connection. The VPN can be used to securely connect your App Engine application to the on-premises database without exposing it to the public internet.
upvoted 2 times
...
joecloud12
4 months, 2 weeks ago
Selected Answer: B
flexible is more expensive. standard will suffice
upvoted 1 times
...
janji456
4 months, 4 weeks ago
D et up a VPN connection between your on-premises network and Google Cloud. This establishes a secure tunnel for communication. Your App Engine
upvoted 1 times
...
neha_pallod
5 months, 2 weeks ago
Selected Answer: B
right answer is B
upvoted 1 times
...
nhatne
5 months, 3 weeks ago
Selected Answer: D
"your on-premises database must not be accessible through the public internet" => definitely C
upvoted 1 times
nhatne
5 months, 3 weeks ago
sorry was a typo, It's D
upvoted 1 times
Toothpick
5 months ago
B and D both use public internet, ie, VPN. So B is the easier option as per https://cloud.google.com/appengine/docs/standard/connecting-vpc
upvoted 1 times
...
...
...
gustangelo
6 months, 4 weeks ago
Selected Answer: B
The documentation mentions that App Engine Standard can connect to on-prem database using VPN. Link of the documentation: https://cloud.google.com/appengine/docs/standard/storage-options
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago