Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public internet. What should you do?
A.
Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
B.
Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database.
C.
Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
D.
Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.
Agree with D - "When to choose the flexible environment" "Accesses the resources or services of your Google Cloud project that reside in the Compute Engine network."
https://cloud.google.com/appengine/docs/the-appengine-environments
Where does it say appengine cannot connect to on-prem db? With CloudVPN, it shoudl connect as per this https://cloud.google.com/appengine/docs/flexible/storage-options#on_premises
Also going with D will require app to be containerized. That is not listed in the requirement.
In a forum mentions that GCE and CAP flex are designed for connect to VPC . With GAP standard is needed a proxy .
https://stackoverflow.com/questions/47537204/how-to-connect-app-engine-and-on-premise-server-through-vpn
https://cloud.google.com/appengine/docs/flexible/flexible-for-standard-users
Standard environment tend to be stateless web applications . Flexi is better for intergrating with on premise database
I had originally chosen option B because both App Engine Standard and App Engine Flex can connect via Cloud VPN starting a few years ago. For App Engine Standard to connect with a VPC (which would be required to use Cloud VPN), we need to create a Serverless VPC Connector (as well as for other Cloud Run and Cloud Functions). This is something relatively new and probably came out after this question was designed for the exam: https://cloud.google.com/vpc/docs/serverless-vpc-access#supported_services.
Based on the fact that the Serverless VPC Connector would add extra complexity to the network topology and incur in additional costs, I'm going with D.
I'm going with B based on this: https://cloud.google.com/appengine/docs/standard/storage-options#on_premises.
App Engine Standard can connect through an external database via Cloud VPN. The question only states that the on-prem database must not be accessible through the public internet, not that the traffic must NOT traverse the public internet. Quoting the documentation from App Engine Standard:
"If you have existing on-premises databases that you want to make accessible to your App Engine app, you can either configure your internal network and firewall to give the database a public IP address or connect using a VPN."
Obviously we don't want to give the database a public IP because that would mean it would be accessible via public internet (which is what we want to prevent), and Cloud VPN would help with that.
Remember On-prem DB is not accessible over internet, hence VPN is out of question.
C. Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
There's a difference between accessing from Public Internet, and traversing through Public Internet. To ensure that no traffic goes over public internet at all, they should use Dedicated Interconnect, not Cloud VPN. Plus, using Firewall rules would only determine if traffic can ingress or egress via HTTP(S), it doesn't provide any security at all with regards to preventing the traffic from being accessed, corrupted or tampered via public internet (before reaching GCP).
Both ChatGPT and Bard suggest B as the correct option too, you might want to have second thoughts about your choice here.
Another question
https://www.examtopics.com/discussions/google/view/60436-exam-professional-cloud-architect-topic-1-question-151/
States "Your company has a support ticketing solution that uses App Engine Standard. ...You want to enable the App Engine application to communicate with a database that is running in the company's on-premises environment. What should you do?"
So this makes B the winner :)
The correct answer is D. Those who say B are unclear about one piece of information: standard App Engine does not provide direct access to local resources.
The below link confirms the standard environment to use cloud VPN. The question is primarily around "an application", which could be .Net or any application. A flexible environment with Cloud VPN would be right answer.
https://cloud.google.com/appengine/docs/standard/storage-options#on_premises
Please disregard this comment. I changed my mind: it should be D. App Engine Standard can connect with a VPN using a Serverless VPC Connector, so even though not it is feasible to achieve this with GAE Standard, it would be more expensive and complex to do it than it would be with App Engine Flex. Plus, the question is probably older than the Serverless VPC connector, so it's safe to assume that when the question was designed, App Engine Standard couldn't connect with Cloud VPN.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MyPractice
Highly Voted 4 years, 4 months agoAWS56
4 years, 4 months agoareza
2 years, 11 months agoVSMu
1 year, 3 months agoBeCalm
1 year, 2 months agoelaineshi
1 year, 11 months agoharoldbenites
2 years, 5 months agojcmoranp
Highly Voted 4 years, 6 months agoamxexam
2 years agomoiradavis
1 year, 10 months agopico
Most Recent 1 week agovalgorodetsky
1 week, 6 days agoDiwz
1 month, 1 week agodidek1986
3 months, 3 weeks agoTeckexam
3 months, 4 weeks agosidiosidi
2 weeks, 5 days agoglb2
1 month, 4 weeks agoglb2
1 month, 4 weeks agocfigueiredo
4 months agoZafar_
4 months agoodacir
5 months, 4 weeks agojrisl1991
7 months, 1 week agojrisl1991
7 months, 1 week agoAdityaGupta
7 months, 2 weeks agojrisl1991
7 months, 1 week agosomeone2011
7 months, 3 weeks agoheretolearnazure
9 months agored_panda
11 months, 3 weeks agonvragavan
1 year, 1 month agojrisl1991
7 months, 1 week agojrisl1991
7 months, 1 week agojits1984
1 year, 1 month ago