Exam Associate Cloud Engineer topic 1 question 286 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 286
Topic #: 1

You are deploying an application to Cloud Run. Your application requires the use of an API that runs on Google Kubernetes Engine (GKE). You need to ensure that your Cloud Run service can privately reach the API on GKE, and you want to follow Google-recommended practices. What should you do?

  • A. Deploy an ingress resource on the GKE cluster to expose the API to the internet. Use Cloud Armor to filter for IP addresses that can connect to the API. On the Cloud Run service, configure the application to fetch its public IP address and update the Cloud Armor policy on startup to allow this IP address to call the API on ports 80 and 443.
  • B. Create an ingress firewall rule on the VPC to allow connections from 0.0.0.0/0 on ports 80 and 443.
  • C. Create an egress firewall rule on the VPC to allow connections to 0.0.0.0/ on ports 80 and 443.
  • D. Deploy an internal Application Load Balancer to expose the API on GKE to the VPC. Configure Cloud DNS with the IP address of the internal Application Load Balancer. Deploy a Serverless VPC Access connector to allow the Cloud Run service to call the API through the FQDN on Cloud DNS.
Suggested Answer: D

Comments

MohannadSamir
5 days, 14 hours ago
Selected Answer: D
Why D is the best solution:

Security Best Practices:
  • This solution maintains private connectivity without exposing the API to the internet
  • It follows the principle of least privilege
  • It uses internal networking rather than public IP addresses

Components and their roles:
  • Internal Application Load Balancer: Exposes the GKE API internally within the VPC
  • Cloud DNS: Provides DNS resolution for the internal service
  • Serverless VPC Access connector: Enables Cloud Run to access VPC resources
upvoted 1 times
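
The wiring described in the comment above, sketched as an added example that is not part of the original thread: a dry-run script that prints the gcloud steps for the private DNS record, the Serverless VPC Access connector and the Cloud Run deployment. It assumes the internal Application Load Balancer already exists in front of the GKE API and that its address is passed in; the region, network, resource names, DNS name, image and sample address are all constructed placeholders.

```shell
#!/bin/sh
# Added example: every resource name and address below is a constructed placeholder.
set -eu

REGION="us-central1"             # assumed region
NETWORK="app-vpc"                # assumed VPC shared by GKE and the connector
CONNECTOR="run-to-gke"           # hypothetical connector name
ZONE="internal-zone"             # hypothetical private zone name
API_FQDN="api.internal.example." # constructed private DNS name

# Print each command unless DRY_RUN=0, so the plan can be reviewed before it runs.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Succeeds only for RFC 1918 addresses.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# $1 = address of the internal Application Load Balancer in front of the GKE API
plan() {
  ilb_ip="$1"
  # Guard: a public address must never be published for the private API name.
  if ! is_rfc1918 "$ilb_ip"; then
    echo "refusing to publish non-private address: $ilb_ip" >&2
    return 1
  fi
  run gcloud dns managed-zones create "$ZONE" --dns-name="internal.example." \
    --visibility=private --networks="$NETWORK" --description="private-api-zone"
  run gcloud dns record-sets create "$API_FQDN" --zone="$ZONE" --type=A \
    --ttl=300 --rrdatas="$ilb_ip"
  run gcloud compute networks vpc-access connectors create "$CONNECTOR" \
    --region="$REGION" --network="$NETWORK" --range="10.8.0.0/28"
  # private-ranges-only routes only traffic for internal ranges through the connector.
  run gcloud run deploy caller --image="IMAGE_PLACEHOLDER" --region="$REGION" \
    --vpc-connector="$CONNECTOR" --vpc-egress=private-ranges-only \
    --set-env-vars="API_URL=http://${API_FQDN%.}"
}

plan "${1:-10.128.0.50}"   # constructed sample address
```

Run it as is to review the printed plan; setting DRY_RUN=0 executes the same commands against the active gcloud project.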