Topic 1 Question 33
Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier and then on to the database tier. Traffic should not flow between the web and the database tier. How should you configure the network?
A. Add each tier to a different subnetwork
B. Set up software-based firewalls on individual VMs
C. Add tags to each tier and set up routes to allow the desired traffic flow
D. Add tags to each tier and set up firewall rules to allow the desired traffic flow
Explanation
Google Cloud Platform (GCP) enforces firewall rules through rules and tags. GCP rules and tags can be defined once and used across all regions.
Reference:
https://cloud.google.com/docs/compare/openstack/
https://aws.amazon.com/it/blogs/aws/building-three-tier-architectures-with-security-groups/
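To check a tag-based rule set against the required flows, the following added example (not part of the original page, and not Google's code) models ingress evaluation in a simplified form: allow rules only, with an implied deny when nothing matches. The tag names, ports, IP addresses and rule names are assumptions chosen for illustration. It also shows why a broad allow-internal rule, such as the one the auto-created default network ships with, defeats the tier isolation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    tags: frozenset

@dataclass(frozen=True)
class AllowRule:  # simplified ingress allow rule (no priorities, no deny rules)
    name: str
    target_tags: frozenset              # empty = every instance in the network
    source_tags: frozenset = frozenset()
    source_ranges: tuple = ()
    ports: frozenset = frozenset()      # empty = all ports

def allowed(rules, src, dst, port):
    """Return True if an allow rule admits a new connection src -> dst:port."""
    for r in rules:
        if r.target_tags and not (r.target_tags & dst.tags):
            continue                    # rule does not apply to the destination
        if r.ports and port not in r.ports:
            continue
        by_tag = bool(r.source_tags & src.tags)
        by_range = any(ip_address(src.ip) in ip_network(n) for n in r.source_ranges)
        if by_tag or by_range:          # source tags and ranges are a union
            return True
    return False                        # implied deny for ingress

# Constructed sample instances; tags, ports and addresses are assumptions.
WEB = VM("web-1", "10.128.0.2", frozenset({"web"}))
API = VM("api-1", "10.128.0.3", frozenset({"api"}))
DB = VM("db-1", "10.128.0.4", frozenset({"db"}))

TIER_RULES = [
    AllowRule("allow-web-to-api", frozenset({"api"}), frozenset({"web"}),
              ports=frozenset({8080})),
    AllowRule("allow-api-to-db", frozenset({"db"}), frozenset({"api"}),
              ports=frozenset({5432})),
]
# Broad rule modelled on the default network's allow-internal rule.
ALLOW_INTERNAL = AllowRule("default-allow-internal", frozenset(),
                           source_ranges=("10.128.0.0/9",))

def flow_matrix(rules):
    """Evaluate the three flows named in the question against a rule set."""
    flows = [(WEB, API, 8080), (API, DB, 5432), (WEB, DB, 5432)]
    return {f"{s.name}->{d.name}": allowed(rules, s, d, p) for s, d, p in flows}
```

Because the tags travel with each instance, the same two rules keep applying as each tier scales out independently.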
Comments (17)
D. refer to target filtering. https://cloud.google.com/solutions/best-practices-vpc-design
👍 34 shandy 2019/11/24
Let's go with option elimination
A. Add each tier to a different subnetwork >> Adding tiers to different subnets does not prevent or block them from accessing each other. Until specific firewall rules on VM or subnet allow access traffic on a specific port in the rule.
B. Set up software-based firewalls on individual VMs >> Not a recommended practice; will have to enable firewall anyway.
C. Add tags to each tier and set up routes to allow the desired traffic flow >> Can be done but.
D. Add tags to each tier and set up firewall rules to allow the desired traffic flow >> Recommended way
Hence D
👍 5 amxexam 2021/08/26
D. Add tags to each tier and set up firewall rules to allow the desired traffic flow
👍 3 victory108 2021/05/18