Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Your customer wants to do resilience testing of their authentication layer. This consists of a regional managed instance group serving a public REST API that reads from and writes to a Cloud SQL instance. What should you do?
A.
Engage with a security company to run web scrapers that look your for users' authentication data om malicious websites and notify you if any is found.
B.
Deploy intrusion detection software to your virtual machines to detect and log unauthorized access.
C.
Schedule a disaster simulation exercise during which you can shut off all VMs in a zone to see how your application behaves.
D.
Configure a read replica for your Cloud SQL instance in a different zone than the master, and then manually trigger a failover while monitoring KPIs for our REST API.
As per google documentation(https://cloud.google.com/solutions/scalable-and-resilient-apps) answer is C.
C: A well-designed application should scale seamlessly as demand increases and decreases, and be resilient enough to withstand the loss of one or more compute resources.
Resilience: designed to withstand the unexpected
A highly-available, or resilient, application is one that continues to function despite expected or unexpected failures of components in the system. If a single instance fails or an entire zone experiences a problem, a resilient application remains fault tolerant—continuing to function and repairing itself automatically if necessary. Because stateful information isn’t stored on any single instance, the loss of an instance—or even an entire zone—should not impact the application’s performance.
You're not testing *authentication*, you're testing *the resilience of the authentication layer*. "A resilient app is one that continues to function despite failures of system components" (https://cloud.google.com/architecture/scalable-and-resilient-apps#resilience_designing_to_withstand_failures) - such as shutting down all VMs in a zone.
I choose Answer C
https://cloud.google.com/sql/docs/mysql/replication
This URL states "Read replicas are read-only; you cannot write to them. The read replica processes queries, read requests, and analytics traffic, thus reducing the load on the primary instance."
"Note: Read replicas do not provide failover capability. To provide failover capability for an instance, see Configuring an instance for high availability."
"As a best practice, put read replicas in a different zone than the primary instance when you use HA on your primary instance. This practice ensures that read replicas continue to operate when the zone that contains the primary instance has an outage. See the Overview of high availability for more information."
Testing Database Resilience: By setting up a read replica in a different zone and triggering a manual failover, you simulate a failure of the primary database. This allows you to assess how well your authentication layer and the overall application cope with the loss of the primary database.
Monitoring Performance and Availability: During the failover, monitoring key performance indicators (KPIs) for your REST API will give you insights into how the application's performance and availability are impacted. This helps in identifying potential bottlenecks and areas for improvement in your resilience strategy.
Ensuring Data Continuity: A read replica ensures data continuity and minimizes downtime, which is critical for an authentication system. The replica will take over as the primary database during the failover, ensuring that the authentication service remains functional.
Authentication layer resiliency can be covered as part of overall application resiliency testing. Option C is asking to use read replica which is not useful in case of testing resiliency in case of failure
Read replica do not provide failover capability
https://cloud.google.com/sql/docs/mysql/replication#:~:text=Note%3A%20Read%20replicas%20do%20not,HA%20on%20your%20primary%20instance.
I choose C.
I don't say D because the REST API read and WRITE in the database, if you create a READ replica in Cloud SQL, the REST API will not have the possibility of write in the database. The answer D doesn't mention anything about promote the read replica to master.
Exactly. Because in GCP a read replica cant be auto upgraded to become a master in case of failover. So basically the database will allow only READ operations and not WRITE operations. Basically leaving it non-functional
Option A is focused on external threat intelligence and is more suited to security testing rather than resilience testing.
Option B is related to security monitoring, and while important, does not directly address resilience testing requirements.
Option C simulates a zone failure scenario. This could provide insights into how the application behaves in a failure scenario, making it a valid resilience testing method. However, it does not specifically address the interaction with Cloud SQL.
Option D directly addresses resilience testing involving a Cloud SQL instance by creating a read replica in a different zone and simulating a failover. This will allow you to assess the impact on your REST API and verify whether the authentication layer remains functional and available, even when the primary Cloud SQL instance is inaccessible.
I think answer should be C, because Read Replicas are there for improving scalability and not availability. So whenever, a node/zone goes down, a read replica wont auto transform to a master. For that you need a failover replica by enabling HA configuration in VMs.
its quite tricky here
resilient = chaos test.
so with C, we have shut down all VMs in one zone to see how its it working on another zone( note that this is regional ) is my chose
The application was deployed to a managed Instance Group, it must have been configured with a load balancer, health check and AutoHealing. Turning off VMs would instantly bring up another instance as soon as the health checks fail, and traffic is automatically redirected to these instances. Therefore, the Answer is D.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Kri_2525
Highly Voted 4 years, 4 months agoJack_in_Large
3 years, 11 months agovartiklis
2 years, 4 months agoelaineshi
1 year, 11 months agoheretolearnazure
8 months, 1 week agoKouShikyou
Highly Voted 4 years, 5 months agoDarahaas
3 years, 7 months ago666Amitava666
Most Recent 4 days, 10 hours agoactivist
3 weeks, 3 days agosantoshchauhan
1 month agoRehamss
1 month, 1 week agoTeckexam
2 months, 1 week agopractice_sample
2 months, 2 weeks agodidek1986
3 months, 1 week agoTamim321
4 months agoRoro_Brother
4 months, 2 weeks agojuliansierra
5 months, 3 weeks agoparthkulkarni998
4 months, 2 weeks agoRuibinC
6 months, 2 weeks agoPrakzz
6 months, 3 weeks agomarcohol
7 months agoparthkulkarni998
3 months agoductrinh
7 months agopiiizu
7 months, 1 week ago