Topic 1 Question 61
A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?
Run each tier in its own Project, and segregate using Project labels.
Run each tier with a different Service Account (SA), and use SA-based firewall rules.
Run each tier in its own subnet, and use subnet-based firewall rules.
Run each tier with its own VM tags, and use tag-based firewall rules.
ユーザの投票
コメント(15)
Answer is B. Keyword is 'authenticated". Reference below: "Isolate VMs using service accounts when possible" "even though it is possible to uses tags for target filtering in this manner, we recommend that you use service accounts where possible. Target tags are not access-controlled and can be changed by someone with the instanceAdmin role while VMs are in service. Service accounts are access-controlled, meaning that a specific user must be explicitly authorized to use a service account. There can only be one service account per instance, whereas there can be multiple tags. Also, service accounts assigned to a VM can only be changed when the VM is stopped." https://cloud.google.com/solutions/best-practices-vpc-design#isolate-vms-service-accounts
👍 23genesis3k2020/10/29B as per best practices https://cloud.google.com/solutions/best-practices-vpc-design
👍 3singhjoga2021/01/06should be C
👍 2Wooky2020/09/26
シャッフルモード