What should you do?

You have an application where the frontend is deployed on a managed instance group in subnet A and the data layer is stored on a MySQL Compute Engine virtual machine (VM) in subnet B on the same VPC. Subnet A and subnet B hold several other Compute Engine VMs. You only want to allow the application frontend to access the data in the application's MySQL instance on port 3306.

What should you do?
A. Configure an ingress firewall rule that allows communication from the source IP range of subnet A to the tag "data-tag" that is applied to the MySQL Compute Engine VM on port 3306.
B. Configure an ingress firewall rule that allows communication from the frontend's unique service account to the unique service account of the MySQL Compute Engine VM on port 3306.
C. Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an egress firewall rule that allows communication from Compute Engine VMs tagged with data-tag to destination Compute Engine VMs tagged fe-tag.
D. Configure a network tag "fe-tag" to be applied to all instances in subnet A and a network tag "data-tag" to be applied to all instances in subnet B. Then configure an ingress firewall rule that allows communication from Compute Engine VMs tagged with fe-tag to destination Compute Engine VMs tagged with data-tag.

Answer: B

Explanation:

https://cloud.google.com/sql/docs/mysql/sql-proxy#using-a-service-account
