nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #198

Your team is building an application for a financial institution. The application's frontend runs on Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application wil

The correct answer is C. 1. Configure a private IP address for Cloud SQL. Configuring a private IP address for Cloud SQL removes its public internet endpoint entirely, so the database is only reachable within the VPC. This is the Google-recommended approach for protecting sensitive PII data - the Compute Engine frontend communicates with Cloud SQL over

Securing Data and Applications

Question

Your team is building an application for a financial institution. The application's frontend runs on Compute Engine, and the data resides in Cloud SQL and one Cloud Storage bucket. The application will collect data containing PII, which will be stored in the Cloud SQL database and the Cloud Storage bucket. You need to secure the PII data. What should you do?

Options

  • A
    1. Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL
  • B
    1. Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL
  • C
    1. Configure a private IP address for Cloud SQL
  • D
    1. Configure a private IP address for Cloud SQL

How the community answered

(48 responses)
  • A
    15% (7)
  • B
    10% (5)
  • C
    71% (34)
  • D
    4% (2)

Explanation

Configuring a private IP address for Cloud SQL removes its public internet endpoint entirely, so the database is only reachable within the VPC. This is the Google-recommended approach for protecting sensitive PII data - the Compute Engine frontend communicates with Cloud SQL over the internal network without any public exposure. Options A and B rely solely on firewall rules, which restrict traffic but still leave the instance with a public IP that represents an unnecessary attack surface. Private IP eliminates that risk at the network level.

Topics

#Cloud SQL#Network Security#Private IP#PII Protection

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice