Google Professional Cloud Security Engineer Exam - Topic 3 Question 47 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 47
Topic #: 3

[All Professional Cloud Security Engineer Questions]

Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements:

Only allows communication between the Web and App tiers.

Enforces consistent network security when autoscaling the Web and App tiers.

Prevents Compute Engine Instance Admins from altering network traffic.

What should you do?

A1. Configure all running Web and App servers with respective network tags.
2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.

B1. Configure all running Web and App servers with respective service accounts.
2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.

C1. Re-deploy the Web and App servers with instance templates configured with respective network tags.
2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.

D1. Re-deploy the Web and App servers with instance templates configured with respective service accounts.
2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.

Show Suggested Answer

Suggested Answer: A

by Annmarie at Jun 02, 2022, 01:00 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rossana

4 months ago

Not sure if tags alone will prevent instance admins from messing with traffic.

upvoted 0 times

...

Tracie

4 months ago

Definitely A, tags are the way to go for this scenario.

upvoted 0 times

...

Denise

4 months ago

Surprised that no one mentioned instance templates in Option C!

upvoted 0 times

...

Alysa

4 months ago

I disagree, service accounts (Option B) are more secure for this setup.

upvoted 0 times

...

Sylvia

4 months ago

Option A seems solid, using network tags is a good approach.

upvoted 0 times

...

Francoise

5 months ago

I think option A makes sense since it talks about configuring network tags, but I’m a bit confused about whether we should use instance templates or just the existing servers.

upvoted 0 times

...

Shawnda

5 months ago

I feel like the requirement to prevent instance admins from altering traffic points towards using network tags. I just can’t recall if we need to re-deploy the servers or not.

upvoted 0 times

...

Edna

5 months ago

I remember a practice question where we had to set up firewall rules based on service accounts. It seems like option B could be a good choice, but I’m not confident about the specifics.

upvoted 0 times

...

Daniel

5 months ago

I think using network tags is the way to go, but I'm not entirely sure if we need to re-deploy the servers or if we can just apply the tags directly.

upvoted 0 times

...

Yaeko

5 months ago

Hmm, I'm a bit confused by the wording of the options. I'll need to carefully read through each one and think about the Standards to determine the correct answer.

upvoted 0 times

...

Lenna

5 months ago

I think resource pools and active queues are vital since they help distribute work effectively, but I'm not completely sure if they cover everything for high availability.

upvoted 0 times

...

Kiera

5 months ago

I'm not totally sure, but I'm leaning towards option C. A performance model without regular check-ins doesn't make sense to me.

upvoted 0 times

...