Topic 1 Question 150
Your organization's Google Cloud VMs are deployed via an instance template that configures them with a public IP address in order to host web services for external users. The VMs reside in a service project that is attached to a host (VPC) project containing one custom Shared VPC for the VMs. You have been asked to reduce the exposure of the VMs to the internet while continuing to service external users. You have already recreated the instance template without a public IP address configuration to launch the managed instance group (MIG). What should you do?
Deploy a Cloud NAT Gateway in the service project for the MIG.
Deploy a Cloud NAT Gateway in the host (VPC) project for the MIG.
Deploy an external HTTP(S) load balancer in the service project with the MIG as a backend.
Deploy an external HTTP(S) load balancer in the host (VPC) project with the MIG as a backend.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: C
Answer is C
NAT is for egress. To serve customers, need to have LB in the same project
👍 8Littleivy2022/11/12 - 正解だと思う選択肢: C
For me C is the answer.
Cloud NAT is for outbound traffic and LB is to handle external customers' request to web services, so it is a LB.
Between C and D: In this documentation https://cloud.google.com/load-balancing/docs/https#shared-vpc it says that "The global external IP address, the forwarding rule, the target HTTP(S) proxy, and the associated URL map must be defined in the same service project as the backends." and in the statement it says that the MIG are in the service project, so in my opinion the LB components must be in the service project.
👍 4crisyeb2022/10/23 - 正解だと思う選択肢: C
No doubt the answer is C, this is the Two-tier web service model , below the example from google cloud documentation https://cloud.google.com/vpc/docs/shared-vpc#two-tier_web_service
👍 4GHOST19852022/11/11
シャッフルモード