Exam Professional Cloud Developer topic 1 question 177 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 177
Topic #: 1

You manage a microservices application on Google Kubernetes Engine (GKE) using Istio. You secure the communication channels between your microservices by implementing an Istio AuthorizationPolicy, a Kubernetes NetworkPolicy, and mTLS on your GKE cluster. You discover that HTTP requests between two Pods to specific URLs fail, while other requests to other URLs succeed. What is the cause of the connection issue?

  • A. A Kubernetes NetworkPolicy resource is blocking HTTP traffic between the Pods.
  • B. The Pod initiating the HTTP requests is attempting to connect to the target Pod via an incorrect TCP port.
  • C. The Authorization Policy of your cluster is blocking HTTP requests for specific paths within your application.
  • D. The cluster has mTLS configured in permissive mode, but the Pod's sidecar proxy is sending unencrypted traffic in plain text.
Suggested Answer: C

Comments

__rajan__
7 months, 1 week ago
Selected Answer: C
C is correct.
upvoted 1 times
purushi
8 months, 3 weeks ago
Selected Answer: C
The key here is "HTTP requests between two Pods to specific URLs fail"; this means no auth rule is set for these URLs in the Istio configuration.
upvoted 1 times
telp
1 year, 3 months ago
Selected Answer: C
A is not correct because Kubernetes NetworkPolicy resources allow you to block HTTP traffic between groups of pods but not for selected paths. (https://kubernetes.io/docs/concepts/services-networking/network-policies/).
B is not correct because if the client pod is using an incorrect port to communicate with the server, pod requests will time out for all URL paths.
C is correct because an Istio Authorization policy allows you to block HTTP methods between pods for specific URL paths (https://istio.io/latest/docs/tasks/security/authorization/authz-http/).
D is not correct because mTLS configuration using Istio should not cause HTTP requests to fail. In permissive mode (default configuration), a service can accept both plain text and mTLS encrypted traffic (https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/).
upvoted 3 times
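
The contrast drawn in the comment above, as an added example that is not part of the original thread: an Istio AuthorizationPolicy that permits only certain paths, next to a Kubernetes NetworkPolicy for the same workload, which cannot express paths at all. The namespace `shop`, the labels `app: orders` and `app: frontend`, the service account `frontend`, port 8080 and the URL paths are hypothetical.

```yaml
# Constructed example: namespace, labels, service account and paths are hypothetical.
# Layer 7: Istio AuthorizationPolicy enforced by the sidecar of the target workload.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        # Identity taken from the mTLS client certificate of the calling Pod.
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/orders", "/orders/*"]
# Result: GET /orders/42 from frontend succeeds.
# GET /admin/export from the same Pod matches no rule, so the sidecar
# returns HTTP 403 "RBAC: access denied".
---
# Layer 3/4: Kubernetes NetworkPolicy for the same workload.
# It can match Pods, namespaces, IP blocks and ports, but has no field for
# HTTP method or path, so it allows or blocks every URL on the port alike.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: orders-ingress
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: orders
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
```

A 403 on some paths and a 200 on others from the same client points at the AuthorizationPolicy; a NetworkPolicy block would make every request to the port fail to connect.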
TNT87
1 year, 4 months ago
Selected Answer: C
https://cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-security#authorization_policy_denial_logging Answer C https://istio.io/latest/docs/ops/common-problems/network-issues/#sending-https-to-an-http-port
upvoted 1 times
zellck
1 year, 4 months ago
Selected Answer: C
C is the answer.
upvoted 1 times