PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #92
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #92: Real Exam Question with Answer & Explanation
The correct answer is D: SSL Proxy Load Balancing. SSL Proxy Load Balancing is designed for non-HTTP TLS traffic on arbitrary TCP ports and terminates the TLS connection at Google's edge before passing traffic to backend instances. Port 587 (SMTP submission) is not HTTP, so HTTP(S) Load Balancing (B) is unsuitable. Network Load B
Question
Your company has deployed an application on Compute Engine. The application is accessible by clients on port 587. You need to balance the load between the different instances running the application. The connection should be secured using TLS, and terminated by the Load Balancer. What type of Load Balancing should you use?
Options
- ANetwork Load Balancing
- BHTTP(S) Load Balancing
- CTCP Proxy Load Balancing
- DSSL Proxy Load Balancing
Explanation
SSL Proxy Load Balancing is designed for non-HTTP TLS traffic on arbitrary TCP ports and terminates the TLS connection at Google's edge before passing traffic to backend instances. Port 587 (SMTP submission) is not HTTP, so HTTP(S) Load Balancing (B) is unsuitable. Network Load Balancing (A) operates at L4 (TCP/UDP) and does not perform TLS termination. TCP Proxy Load Balancing (C) proxies raw TCP but also does not terminate TLS - it passes the encrypted stream through. Only SSL Proxy Load Balancing satisfies both requirements: arbitrary non-HTTP port and TLS termination at the load balancer.
Topics
Community Discussion
No community discussion yet for this question.