PROFESSIONAL-CLOUD-DEVELOPER Question #373: Real Exam Question with Answer & Explanation

Question

Your team is responsible for developing multiple microservices. These microservices are deployed in Cloud Run and connected to a Cloud SQL instance. You typically conduct tests in a local environment prior to deploying new features. However, the external IP was recently removed from your Cloud SQL instance, and you are unable to perform the tests. You need to connect to the database to conduct tests with the most updated data. You want to follow Google- recommended practices. What should you do?

Options

• AExport the data from the database to a Cloud Storage bucket. Create a database on your
• BCreate a Cloud VPN tunnel from your computer to your Google Cloud project, and connect to the
• CAdd your IP as an authorized network on the Cloud SQL instance.
• DCreate a VM in the same VPC as the Cloud SQL instance. Connect to the VM by using Identity-

Explanation

Since the Cloud SQL instance no longer has an external IP, you need to connect securely through a private IP connection within the same VPC. By using Identity-Aware Proxy (IAP) for TCP forwarding to connect to a VM in the same VPC as the Cloud SQL instance, you can establish a secure connection to the VM without exposing it publicly. The Cloud SQL Auth Proxy installed on the VM allows you to authenticate and connect to Cloud SQL securely, following Google-recommended practices for accessing Cloud SQL instances without external IPs. This approach provides secure access and avoids needing to expose the database to external IPs or creating unnecessary complexity with a VPN tunnel. Exporting data to a local database would not provide a live, up-to-date testing environment.

No community discussion yet for this question.