Exam Professional Cloud Database Engineer topic 1 question 1 discussion

Option B is the best choice. By using the internal (private) IP address of the Cloud SQL instance, the traffic will stay within the corporate network and will not traverse the public internet. This will help to ensure that the traffic is secure and cannot be intercepted by unauthorized parties. Additionally, using the internal IP address does not require any additional configuration changes to the database instance. Option A is not recommended as it requires exposing the database instance's external (public) IP address, which can be less secure and may require additional firewall rules. Option C is a valid option if SSL is enabled on the Cloud SQL instance, but since SSL is disabled in this scenario, this option is not suitable. Option D is not recommended as it requires exposing the database instance's external (public) IP address, which can be less secure and may require additional firewall rules.

C. The IP address given is a private IP address and not routable via the internet. Therefore any answer which references a public IP is wrong by definition (A, D). That leaves B and C. B cannot be correct because the app is on a corporate network and thus not on a Google VPC network. Good security practices dictate using Cloud SQL Auth Proxy and a service account which access the Cloud SQL instance via its private IP address.

I did the exam on January 2025, and all set of questions were here.

The Cloud SQL instance is configured with a private IP address (192.168.3.48), and your application is on the same corporate network. Therefore, the private IP address is accessible directly, and there is no need to use the Cloud SQL Auth proxy or external (public) IP address.

The Cloud SQL connectors are libraries that provide encryption and IAM-based authorization when connecting to a Cloud SQL instance. They can't provide a network path to a Cloud SQL instance if one is not already present. Other ways to connect to a Cloud SQL instance include using a database client or the Cloud SQL Auth proxy.

because the most secure way is using Cloud SQL Proxy

C is the valid

Vote for C

Service account is a must.

Vote for C

Vote for C

Vote for C

C: Define a connection string using Cloud SQL Auth proxy *** configured with a service account to point to the internal (private) IP address of your Cloud SQL instance.

Database Migration Service Simplify migrations to the cloud. Available now for MySQL and PostgreSQL, with SQL Server and Oracle migrations in preview. • Migrate to Cloud SQL and AlloyDB for PostgreSQL from on-premises, Google Cloud, or other clouds • Replicate data continuously for minimal downtime migrations • Serverless and easy to set up

C is the correct answer

C is correct answer. First of all SSL is disabled and it is not secure to get it exposed to Internet. https://cloud.google.com/sql/docs/postgres/connect-overview#authentication_options

C is correct, must be private ip because the ip starts with 192... and cloud sql require a proxy to connect because exist on a tenant project