How should your team design this network?

Professional Cloud Security Engineer V3 0 Comments

Your team needs to make sure that their backend database can only be accessed by the frontend application and no other instances on the network.

How should your team design this network?
A . Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
B . Create a different subnet for the frontend application and database to ensure network isolation.
C . Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
D . Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.

Answer: A

Explanation:

"However, even though it is possible to uses tags for target filtering in this manner, we recommend that you use service accounts where possible. Target tags are not access-controlled and can be changed by someone with the instance Admin role while VMs are in service. Service accounts are access-controlled, meaning that a specific user must be explicitly authorized to use a service account. There can only be one service account per instance, whereas there can be multiple tags. Also, service accounts assigned to a VM can only be changed when the VM is stopped"

Latest Professional Cloud Security Engineer Dumps Valid Version with 93 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download Professional Cloud Security Engineer PDF     Professional Cloud Security Engineer Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments