TerramEarth, a company that manufactures heavy equipment for the mining and agricultural industries, has moved its vehicle data aggregation and analysis infrastructure to Google Cloud. You start to build a new application for TerramEarth that uses a few Cloud Functions for the backend. One specific use case requires a Cloud Function func_display to invoke another Cloud Function func_query. You want func_query only to accept invocations from func_display while following Google's recommended best practices. What should you do?

Exam-Like

Create a token and pass it in as an environment variable to func_display. When invoking func_query, include the token in the request. Pass the same token to func_query and reject the invocation if the tokens are different._

8.6%

Make func_query 'Require authentication.' Create a unique service account and associate it to func_display. Grant the service account invoker role for func_query. Create an id token in func_display and include the token to the request when invoking func_query._

63.6%

Make func_query 'Require authentication' and only accept internal traffic. Create those two functions in the same VPC. Create an ingress firewall rule for func_query to only allow traffic from func_display._

12.3%

Create those two functions in the same project and VPC. Make func_query only accept internal traffic. Create an ingress firewall for func_query to only allow traffic from func_display. Also, make sure both functions use the same service account._

15.5%

Google Professional Cloud Architect

Comments

Get started today