Topic 1 Question 299
You manage multiple internal-only applications that are hosted within different Google Cloud projects. You are deploying a new application that requires external internet access. To maintain security, you want to clearly separate this new application from internal systems. Your solution must have effective security isolation for the new externally-facing application. What should you do?
Deploy the application within the same project as an internal application. Use a Shared VPC model to manage network configurations.
Place the application in the same project as an existing internal application, and adjust firewall rules to allow external traffic.
Create a VPC Service Controls perimeter, and place the new application’s project within that perimeter.
Create a new project for the application, and use VPC Network Peering to access necessary resources in the internal projects.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: C
It does not say anywhere that the external application should access internal resources. VPC peering would then be a massive security risk
👍 4f36bdb52024/11/12 D - Dedicated Project: Creating a new project for the externally-facing application provides a clear separation from internal systems, reducing the risk of unauthorized access or lateral movement. VPC Network Peering: Using VPC Network Peering allows the new project to access resources in the internal projects, while maintaining a controlled and secure boundary. This ensures that external traffic cannot directly access internal resources without going through the established peering connection. Improved Security: This approach offers enhanced security by minimizing the attack surface and limiting the potential impact of a breach.
👍 1abdelrahman892024/10/04- 正解だと思う選択肢: D
It's D
👍 1json4u2024/10/15
シャッフルモード