PROFESSIONAL-CLOUD-DEVELOPER · Question #213
Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on
The correct answer is D. Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed. An HTTP(S) load balancer with a Google-managed SSL certificate terminates TLS at the load balancer, providing an HTTPS secure channel (encrypting data in transit) for public access. Since the requirement explicitly states 'without authentication,' Identity-Aware Proxy (IAP) in Op
Question
Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?
Options
- AAdd a public IP address to the instance. Use the service account key of the instance to encrypt
- BUse Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store
- CAdd an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware
- DAdd an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed
How the community answered
(59 responses)- A12% (7)
- B2% (1)
- C5% (3)
- D81% (48)
Explanation
An HTTP(S) load balancer with a Google-managed SSL certificate terminates TLS at the load balancer, providing an HTTPS secure channel (encrypting data in transit) for public access. Since the requirement explicitly states 'without authentication,' Identity-Aware Proxy (IAP) in Option C is incorrect - IAP enforces authentication via Google identities before granting access. Option A is non-standard and operationally complex. Option B uses Cloud Scheduler and Cloud Build to export static snapshots, which cannot provide real-time reports. Option D is the cleanest solution: HTTPS encrypts the channel, and no authentication gate is placed in front of it.
Topics
Community Discussion
No community discussion yet for this question.