nerdexam
ExamsASSOCIATE-CLOUD-ENGINEERQuestions#320
GoogleGoogle

ASSOCIATE-CLOUD-ENGINEER · Question #320

ASSOCIATE-CLOUD-ENGINEER Question #320: Real Exam Question with Answer & Explanation

The correct answer is A: An external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a. To distribute user traffic for a secure, autoscaling website with static content in Cloud Storage, an external HTTP(S) load balancer with a managed SSL certificate and a URL map configured with both Compute Engine instance group backends and Cloud Storage backends is required.

Submitted by rania.sa· Mar 30, 2026

Question

Your customer wants you to create a secure website with autoscaling based on the compute instance CPU load. You want to enhance performance by storing static content in Cloud Storage. Which resources are needed to distribute the user traffic?

Options

  • AAn external HTTP(S) load balancer with a managed SSL certificate to distribute the load and a
  • BAn external network load balancer pointing to the backend instances to distribute the load evenly.
  • CAn internal HTTP(S) load balancer together with Identity-Aware Proxy to allow only HTTPS traffic.
  • DAn external HTTP(S) load balancer to distribute the load and a URL map to target the requests

Explanation

To distribute user traffic for a secure, autoscaling website with static content in Cloud Storage, an external HTTP(S) load balancer with a managed SSL certificate and a URL map configured with both Compute Engine instance group backends and Cloud Storage backends is required.

Common mistakes.

  • B. An external network load balancer operates at Layer 4 (TCP/UDP) and does not support HTTP/HTTPS routing features like URL maps, SSL offloading (with managed certificates), or routing directly to Cloud Storage, nor does it inherently handle autoscaling based on HTTP-specific metrics.
  • C. An internal HTTP(S) load balancer is designed for traffic within a VPC network, not for public internet-facing websites. Identity-Aware Proxy (IAP) is for securing access to internal applications for specific users, not for public websites.
  • D. While an external HTTP(S) load balancer and a URL map are correct components for routing, this option does not explicitly mention the managed SSL certificate, which is crucial for meeting the "secure website" requirement, making option A more complete despite its truncation.

Concept tested. External HTTP(S) Load Balancer for secure web applications

Reference. https://cloud.google.com/load-balancing/docs/https

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full ASSOCIATE-CLOUD-ENGINEER PracticeBrowse All ASSOCIATE-CLOUD-ENGINEER Questions