Topic 1 Question 216
You are developing an Apache Beam pipeline to extract data from a Cloud SQL instance by using JdbcIO. You have two projects running in Google Cloud. The pipeline will be deployed and executed on Dataflow in Project A. The Cloud SQL instance is running in Project B and does not have a public IP address. After deploying the pipeline, you noticed that the pipeline failed to extract data from the Cloud SQL instance due to connection failure. You verified that VPC Service Controls and shared VPC are not in use in these projects. You want to resolve this error while ensuring that the data does not go through the public internet. What should you do?
A. Set up VPC Network Peering between Project A and Project B. Add a firewall rule to allow the peered subnet range to access all instances on the network.
B. Turn off the external IP addresses on the Dataflow worker. Enable Cloud NAT in Project A.
C. Add the external IP addresses of the Dataflow worker as authorized networks in the Cloud SQL instance.
D. Set up VPC Network Peering between Project A and Project B. Create a Compute Engine instance without external IP address in Project B on the peered subnet to serve as a proxy server to the Cloud SQL database.
Comments (4)
- Answer I think is correct: A
Secure Private Communication:
Establishes a direct, private connection between the VPCs, eliminating exposure to the public internet. Ensures data confidentiality and integrity.
👍 2 e70ea9e 2023/12/30
- Answer I think is correct: A
VPC Network Peering allows for the connection of two VPC networks so that they can communicate internally as if they were part of the same network.
👍 2 raaad 2024/01/03
- Answer I think is correct: D
D is the correct solution.
To allow the Dataflow workers in Project A to connect to the private Cloud SQL instance in Project B, you need to set up VPC Network Peering between the two projects.
Then create a Compute Engine instance without external IP in Project B on the peered subnet. This instance can serve as a proxy server to connect to the private Cloud SQL instance.
The Dataflow workers can connect through the peered network to the proxy instance, which then connects to Cloud SQL. This allows accessing the private Cloud SQL instance without going over the public internet.
Option A would allow access but still goes over the public internet.
Options B and C would not work since the Cloud SQL instance does not have a public IP address.
So D is the right approach to resolve the connection issue while keeping the data private.
👍 1 MaxNRG 2024/01/07