ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 347 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 347
Topic #: 1
[All Professional Cloud Developer Questions]

You are designing a microservices application on GKE that will expose a public API to users. Users will interact with the application by using OAuth 2.0, and illegitimate requests should receive a 403 response code. You need the API to be resilient against distributed denial of service (DDoS) attacks and critical security risks such as SQL injection (SQL) and cross-site scripting (XSS).

You want to design the application's architecture while following Google-recommended practices. What should you do?

  • A. Install Service Mesh in your GKE cluster. Configure Service Mesh user authentication to integrate the service hosted on GKE by using an OpenID Connect-compliant identity provider. Expose the application externally by using an Istio Ingress Gateway. Use VPC firewall rules to restrict Ingress traffic to the Ingress gateway.
  • B. Run an Apache HTTP server on Cloud Run to expose a service with a public IP address. Configure the Apache HTTP server as a reverse proxy to only forward valid requests to the API hosted on GKE.
  • C. Use an external Application Load Balancer with Cloud Armor. Integrate Cloud Armor with reCAPTCHA Enterprise. Configure the load balancer to forward traffic to the application hosted on GKE.
  • D. Use an external Application Load Balancer with Cloud Armor, and configure the load balancer to forward requests to Apigee to check the validity of the API requests. Configure GKE as the application's backend.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Laureatul at May 3, 2025, 10:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Laureatul
1 month, 2 weeks ago
Selected Answer: C
Option C is the most efficient and secure approach, following Google-recommended best practices for handling DDoS attacks, SQL injection, XSS, and securing APIs in a scalable manner. Using Cloud Armor with reCAPTCHA Enterprise ensures that only legitimate traffic is allowed to interact with your public API, while also providing high availability and robustness.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel