Topic 1 Question 196
Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?
Add a public IP address to the instance. Use the service account key of the instance to encrypt the traffic.
Use Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store the reports in a public Cloud Storage bucket.
Add an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware Proxy to secure the communication channel.
Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed SSL certificate on the load balancer for traffic encryption.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: D
A is incorrect. A service account cannot be used to encrypt HTTPS traffic. B is incorrect. Periodical export would not meet the real-time requirement. C is incorrect. IAP is not securing the communication channel, it authenticates the user. Technically Cloud Load Balancing already secures the channel but without an appropriate certificate. D is correct. This provides an external HTTPS endpoint, and uses Google-managed services and a valid SSL certificate.
👍 3x_cath2022/12/15 - 正解だと思う選択肢: D
D is the answer.
👍 2zellck2022/12/13 - 正解だと思う選択肢: D
D is correct. This provides an external HTTPS endpoint, and uses Google-managed services and a valid SSL certificate.
https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs
👍 1melisargh2022/12/11
シャッフルモード