Topic 1 Question 63
You are hosting an application on bare-metal servers in your own data center. The application needs access to Cloud Storage. However, security policies prevent the servers hosting the application from having public IP addresses or access to the internet. You want to follow Google-recommended practices to provide the application with access to Cloud Storage. What should you do?
- Use nslookup to get the IP address for storage.googleapis.com. 2. Negotiate with the security team to be able to give a public IP address to the servers. 3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.
- Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud. 2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance. 3. Configure your servers to use that instance as a proxy to access Cloud Storage.
- Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine. 2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend. 3. Configure your new instances to use this ILB as proxy.
- Using Cloud VPN or Interconnect, create a tunnel to a VPC in Google Cloud. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel. 3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
ユーザの投票
コメント(17)
D is the correct one as per Ref: https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
👍 52poogcp2020/06/10What messy answers! I chose D and here is my reasoning per answer.
A. It's bad practice to use nslookup to try find a permanent IP address because IPs can change. That's what DNS is for! Also, the security team aren't going to budge... this is just a silly answer.
B. We're getting warmer. Any time a question mentions on-prem and cloud, Google wants you to think about Cloud VPN. This solution might even work, but installing Squid? This is a messy solution to a more simple problem. C. Talk about using a sledge hammer to swat a mosquito. I think this could work, but migrating servers to cloud to solve a simple networking problem? D. Once more Google's favorite Cloud VPN is in the answer. I'm not sure about the networking component of this question.👍 16obeythefist2022/02/28how you all know that everybody
mere to upar se nikal raha hai sab kuch pls help guys
👍 5RAVI3212022/08/21
シャッフルモード