Exam Professional Cloud Developer topic 1 question 303 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 303
Topic #: 1

You are developing a web application that will be deployed to production on Cloud Run. The application consists of multiple microservices, some of which will be publicly accessible and others that will only be accessible after authentication by Google identities. You need to ensure that only authenticated users can access the restricted services, while allowing unrestricted access to the public services of the application. You want to use the most secure approach while minimizing management overhead and complexity. How should you configure access?

  • A. Enable Identity-Aware Proxy (IAP) for all microservices. Develop a new microservice that checks the authentication requirements for each application and controls access to the respective services.
  • B. Enable Identity-Aware Proxy (IAP) for all microservices. Manage access control lists (ACLs) for the restricted services, and configure allAuthenticatedUsers access to the public services.
  • C. Use Cloud Endpoints with Firebase Authentication for all microservices. Configure Firebase rules to manage access control lists (ACLs) for each service, allowing access to the public services.
  • D. Configure separate Cloud Run services for the public and restricted microservices. Enable Identity-Aware Proxy (IAP) only for the restricted services, and configure the Cloud Run ingress settings to ‘Internal and Cloud Load Balancing’.
Suggested Answer: D

Comments

Pime13
4 weeks, 1 day ago
Selected Answer: D
Separation of concerns: By splitting public and restricted services, you can apply different security policies without overcomplicating access control.
IAP for restricted services: Identity-Aware Proxy provides secure, Google-managed authentication and authorization for web applications. It integrates with Google identities and supports fine-grained access control.
Public access for public services: You can allow unauthenticated access to public services by setting their IAM policy to allUsers or allAuthenticatedUsers.
Ingress control: Setting ingress to "Internal and Cloud Load Balancing" ensures that restricted services are only accessible through authenticated, internal paths (e.g., via a load balancer or IAP), not directly from the internet.
https://cloud.google.com/run/docs/securing/ingress
https://cloud.google.com/iap/docs/enabling-cloud-run
upvoted 1 times
anshad666
10 months ago
Selected Answer: D
Configure separate Cloud Run services for the public and restricted microservices. Enable Identity-Aware Proxy (IAP) only for the restricted services, and configure the Cloud Run ingress settings to ‘Internal and Cloud Load Balancing’.
upvoted 1 times
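
A check for the split described in the answers above, as an added example that is not part of the original discussion: it audits exported Cloud Run service settings and flags restricted services that are still directly reachable or openly invocable. The service names, the service-account address and the sample data are constructed; the JSON shape is assumed to follow `gcloud run services describe --format=json` and `gcloud run services get-iam-policy --format=json`, and the script does not verify that IAP itself is enabled on the load balancer.

```python
INGRESS_KEY = "run.googleapis.com/ingress"
LB_ONLY = "internal-and-cloud-load-balancing"
OPEN_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def open_invokers(policy):
    """Return the public principals that hold roles/run.invoker."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == "roles/run.invoker":
            found |= OPEN_MEMBERS & set(binding.get("members", []))
    return sorted(found)


def audit(service, policy, restricted):
    """Return findings for one service; an empty list means it matches."""
    if not restricted:
        return []  # public services are intentionally open
    meta = service.get("metadata", {})
    name = meta.get("name", "<unnamed>")
    # Assumption: a missing annotation means the default ingress, "all".
    ingress = meta.get("annotations", {}).get(INGRESS_KEY, "all")
    findings = []
    if ingress != LB_ONLY:
        findings.append(f"{name}: ingress is '{ingress}', expected '{LB_ONLY}'")
    for member in open_invokers(policy):
        findings.append(f"{name}: {member} holds roles/run.invoker")
    return findings


# Constructed sample data: (service export, IAM policy, is_restricted).
SERVICES = [
    ({"metadata": {"name": "storefront", "annotations": {INGRESS_KEY: "all"}}},
     {"bindings": [{"role": "roles/run.invoker", "members": ["allUsers"]}]},
     False),
    ({"metadata": {"name": "admin-api", "annotations": {INGRESS_KEY: LB_ONLY}}},
     {"bindings": [{"role": "roles/run.invoker",
                    "members": ["serviceAccount:iap-agent@example.invalid"]}]},
     True),
    ({"metadata": {"name": "reports", "annotations": {INGRESS_KEY: "all"}}},
     {"bindings": [{"role": "roles/run.invoker",
                    "members": ["allAuthenticatedUsers"]}]},
     True),
]


def audit_all(services):
    """Audit every (service, policy, restricted) tuple and flatten the findings."""
    return [f for svc, pol, restricted in services for f in audit(svc, pol, restricted)]


if __name__ == "__main__":
    print("\n".join(audit_all(SERVICES)) or "no findings")
```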
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted