Exam Professional Cloud Developer topic 1 question 131 discussion

I vote B https://cloud.google.com/istio/docs/istio-on-gke/installing (deprecated)

Istio and mTLS: Istio is a service mesh that provides a powerful way to manage and secure traffic between applications in a Kubernetes cluster. Enabling mTLS (mutual TLS) with Istio ensures that all communication between services is encrypted and authenticated. Benefits of using Istio and mTLS: Minimal Application Changes: Istio works transparently with your applications. You don't need to modify your application code to enable encryption. Centralized Management: Istio provides a single point of control for managing security policies across your cluster. Google Support: Istio is a Google-supported project, so you can rely on Google's expertise and documentation. Comprehensive Security: mTLS provides both encryption and authentication, ensuring that only authorized services can communicate with each other.

Answer: B Istio enhances the security of microservices by providing features such as mutual TLS (Transport Layer Security) authentication between services, access controls, and encryption of communication channels.

Istio is a service mesh that can be used to encrypt traffic between applications in a GKE cluster. It does this by injecting a sidecar proxy into each pod. The sidecar proxy intercepts all traffic to and from the pod and encrypts it using mTLS (mutual TLS).

Istio is suitable for providing cutting edge concerns to the services running in the GKE cluster. Istio provides security, fault tolerance and resiliency out of the box.

B. Install Istio, enable proxy injection on your application namespace, and then enable mTLS. Istio is a service mesh that runs within your Kubernetes cluster and provides a set of features, such as traffic management, service discovery, and automatic encryption of traffic between services using mutual Transport Layer Security (mTLS). By installing Istio and enabling proxy injection on your application namespace, you can quickly and easily enable mTLS for all traffic within the cluster without making changes to your applications. Once the proxy injection is enabled, Istio automatically adds the necessary sidecar proxies to each pod in the namespace and configures them to encrypt traffic.

B is the answer. https://cloud.google.com/istio/docs/istio-on-gke/overview Istio gives you the following benefits: - Secure service-to-service communication in a cluster with strong identity-based authentication and authorization.

B is correct

B should work. It's the only answer with a solution without blocking or restricting the cluster traffic

B is correct

will go with D. A,C are no where in context( traffic should be encrypted) if there is Anthos Service Mesh instead of Istio in B then it is definitely B.

This question/answers are outdated... Google stop supporting Istio implementations and suggest to migrate to ASM. Option B seems more reasonable, but depends on the date it was written.

The question is not about blocking the traffic. D is the correct answer.