nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #213

Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on

The correct answer is D. Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed. An HTTP(S) load balancer with a Google-managed SSL certificate terminates TLS at the load balancer, providing an HTTPS secure channel (encrypting data in transit) for public access. Since the requirement explicitly states 'without authentication,' Identity-Aware Proxy (IAP) in Op

Deploying applications

Question

Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?

Options

  • AAdd a public IP address to the instance. Use the service account key of the instance to encrypt
  • BUse Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store
  • CAdd an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware
  • DAdd an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed

How the community answered

(59 responses)
  • A
    12% (7)
  • B
    2% (1)
  • C
    5% (3)
  • D
    81% (48)

Explanation

An HTTP(S) load balancer with a Google-managed SSL certificate terminates TLS at the load balancer, providing an HTTPS secure channel (encrypting data in transit) for public access. Since the requirement explicitly states 'without authentication,' Identity-Aware Proxy (IAP) in Option C is incorrect - IAP enforces authentication via Google identities before granting access. Option A is non-standard and operationally complex. Option B uses Cloud Scheduler and Cloud Build to export static snapshots, which cannot provide real-time reports. Option D is the cleanest solution: HTTPS encrypts the channel, and no authentication gate is placed in front of it.

Topics

#HTTP(S) Load Balancer#SSL/TLS Certificates#Web Application Security#External Access Configuration

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice