New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 1 Question 91 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 91
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your customer has an on-premises Public Key Infrastructure (PKI) with a certificate authority (CA). You need to issue certificates for many HTTP load balancer frontends. The on-premises PKI should be minimally affected due to many manual processes, and the solution needs to scale.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

This approach allows you to leverage your existing on-premises PKI infrastructure while minimizing its impact and manual processes. By creating a subordinate CA in Google's Certificate Authority Service, you can automate the process of issuing certificates for your HTTP load balancer frontends. This solution scales well as the number of load balancers increases.


by Janae at Sep 17, 2024, 04:14 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Janae
3 months ago
Wait, are we really trusting Google’s CA over our own?
upvoted 0 times
...
Kimberely
3 months ago
D is way too complicated for this scenario.
upvoted 0 times
...
Delisa
3 months ago
C sounds interesting, but can it really integrate smoothly?
upvoted 0 times
...
Thaddeus
4 months ago
I think B is better for keeping things consistent with the on-prem PKI.
upvoted 0 times
...
Delfina
4 months ago
Option A seems the easiest for scaling.
upvoted 0 times
...
Essie
4 months ago
Option D seems complicated with the PKCS12 certificates and the external TCP/UDP load balancer. I don't remember us going over that in detail, so I'm hesitant about it.
upvoted 0 times
...
Elke
4 months ago
I feel like using Certificate Manager for Google managed public certificates in option A could simplify things, but I can't recall if we covered how that affects the on-premises setup.
upvoted 0 times
...
Angelica
4 months ago
I think option B sounds familiar, especially since we practiced importing certificates with gcloud. But I wonder if that would really scale well for many load balancers?
upvoted 0 times
...
Leonardo
5 months ago
I remember we discussed the importance of minimizing impact on the existing PKI, so maybe option C could be a good fit? But I'm not entirely sure how the subordinate CA works in this context.
upvoted 0 times
...
Giuseppe
5 months ago
I'm leaning towards option B. Importing the certificates from the on-premises PKI seems like a good way to maintain control and visibility, while still leveraging the Certificate Manager service. I'll need to research the gcloud tool for importing to make sure it's a viable solution.
upvoted 0 times
...
Trevor
5 months ago
Hmm, I'm a bit unsure about this one. The requirement to minimize impact on the on-premises PKI is tricky. I'll need to carefully review the options and think through the pros and cons of each approach.
upvoted 0 times
...
Rozella
5 months ago
This question seems straightforward. I think option C is the best approach to minimize impact on the on-premises PKI while scaling the certificate issuance.
upvoted 0 times
...
Ulysses
5 months ago
Option A looks like the easiest solution, but I'm worried it might not fully address the requirement to minimize impact on the on-premises PKI. I'll need to dig deeper into the details of each option.
upvoted 0 times
...
Justine
5 months ago
The NPSP Conversion Utility tool sounds interesting, but I'm not sure if that's the right approach for an existing Salesforce organization. I'll need to research that option further.
upvoted 0 times
...
Magnolia
1 year ago
Haha, Option D is like trying to reinvent the wheel with a square! Let's keep it simple and go with Option C. Google's got our backs on this one.
upvoted 0 times
Mariann
1 year ago
Good choice, Option C seems like the most straightforward solution for our on-premises PKI.
upvoted 0 times
...
Alesia
1 year ago
Yeah, let's not make things more difficult than they need to be. Option C it is.
upvoted 0 times
...
Layla
1 year ago
I agree, Google's tools are usually the way to go for these types of tasks.
upvoted 0 times
...
Buddy
1 year ago
Option D is definitely overcomplicating things. Let's stick with Option C and use the Google Certificate Authority Service.
upvoted 0 times
...
...
Leila
1 year ago
Whoa, Option D has some interesting ideas, but I'm not sure I'd want to deal with PKCS12 certificates and OpenSSL on-premises. Sounds like a lot of manual work to me.
upvoted 0 times
Dorothy
1 year ago
User 3: I think Option B could also work well. Importing certificates from the on-premises PKI using Certificate Manager and the gcloud tool seems like a good approach.
upvoted 0 times
...
Daniel
1 year ago
User 2: I agree with you, Daniel. Option A sounds like the most efficient solution for issuing certificates for the HTTP load balancer frontends.
upvoted 0 times
...
Lavonna
1 year ago
User 1: Option A seems like the best choice. Using Google managed public certificates and configuring it with infrastructure as code would minimize manual processes and scale easily.
upvoted 0 times
...
...
Gail
1 year ago
Hold up, folks! What about Option B? Importing the on-premises certificates into Certificate Manager could be a simpler solution. Gcloud is a powerful tool, after all.
upvoted 0 times
...
Cassie
1 year ago
I'm with Staci on this one. Option C is the clear winner. Using a subordinate CA is the perfect way to keep the on-premises PKI in the loop while scaling up the certificate management process.
upvoted 0 times
Celestina
1 year ago
It's important to maintain the connection to the on-premises PKI while ensuring scalability. Option C seems like the most efficient solution.
upvoted 0 times
...
Jesusita
1 year ago
I agree, using a subordinate CA from the on-premises PKI system is the best choice for issuing certificates.
upvoted 0 times
...
Colette
1 year ago
Option C is definitely the way to go. It keeps the on-premises PKI involved while scaling up.
upvoted 0 times
...
...
Crissy
1 year ago
I personally think option C is the way to go, using a subordinate CA in the Google Certificate Authority Service from our on-premises PKI system seems like a scalable solution.
upvoted 0 times
...
James
1 year ago
I disagree, I believe option B is more suitable as it allows us to import certificates from our on-premises PKI and use the gcloud tool for importing.
upvoted 0 times
...
Staci
1 year ago
Option C is the way to go! Leveraging the Google Certificate Authority Service to issue certificates for the load balancers is the most scalable and minimally intrusive solution.
upvoted 0 times
Malinda
1 year ago
I think using a subordinate CA in the Google Certificate Authority Service is the best option for issuing certificates for the HTTP load balancer frontends.
upvoted 0 times
...
Gearldine
1 year ago
Definitely, leveraging the Google Certificate Authority Service is the way to go for a scalable solution.
upvoted 0 times
...
Larae
1 year ago
It's definitely a smart choice to use the Google Certificate Authority Service for issuing certificates, it simplifies the process and ensures scalability.
upvoted 0 times
...
Julianna
1 year ago
I agree, it's the most efficient way to issue certificates for the load balancers without disrupting the on-premises PKI.
upvoted 0 times
...
Marylou
1 year ago
Option C is the best choice. Using a subordinate CA in the Google Certificate Authority Service will help scale the solution.
upvoted 0 times
...
Yasuko
1 year ago
I agree, using a subordinate CA in the Google Certificate Authority Service will help maintain the on-premises PKI system while scaling for the load balancers.
upvoted 0 times
...
German
1 year ago
Option C is the way to go! Leveraging the Google Certificate Authority Service to issue certificates for the load balancers is the most scalable and minimally intrusive solution.
upvoted 0 times
...
...
Glendora
1 year ago
I think option A is the best choice because it allows us to issue Google managed public certificates and configure them using infrastructure as code.
upvoted 0 times
...

Save Cancel