PROFESSIONAL-CLOUD-ARCHITECT · Question #359
PROFESSIONAL-CLOUD-ARCHITECT Question #359: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-ARCHITECT to reveal the answer and full explanation for question #359. The question stem and answer options stay visible for context.
Question
You are deploying a new three-tier application to Compute Engine instances within a single Virtual Private Cloud (VPC). The architecture is segmented into three subnets: a web tier subnet, an application tier subnet, and a database tier subnet. - The web tier must only receive traffic from an external load balancer. - The application tier must only receive traffic from the web tier. - The database tier must only receive traffic from the application tier. You need to enforce strict traffic flow control and want to follow Google-recommended practices. What should you do?
Options
- AConfigure Cloud NAT for each subnet, and create Google Cloud Armor policies to filter traffic
- BCreate a single VPC firewall rule with a high priority that allows ingress traffic on all ports between
- CUse a combination of network tags and service accounts. Apply a unique network tag and a
- DSet up VPC Network Peering between the web tier and application tier subnets, and another
Unlock PROFESSIONAL-CLOUD-ARCHITECT to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-ARCHITECT questions. Unlock PROFESSIONAL-CLOUD-ARCHITECT for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.