
Answer-first summary for fast verification
Answer: Use a private cluster with a private endpoint with master authorized networks configured.
The correct answer is A. A private cluster with a private endpoint and master authorized networks configured is the most secure option. This setup prevents all internet access to the control plane, which significantly reduces the attack surface and makes it more difficult for unauthorized entities to target the nodes. Only authorized users and systems in the specified CIDR blocks can access the cluster. This approach aligns with Google's best practices for network architecture in Google Kubernetes Engine and meets EHR Healthcare's requirements for secure, scalable, and high-availability solutions.
Reference: https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept
Author: LeetQuiz Editorial Team
EHR Healthcare, a provider of electronic health record software, is migrating from colocation facilities to Google Cloud. You are responsible for designing the Google Cloud network architecture for Google Kubernetes Engine, taking into account the need for scalability, high availability, and security. Considering EHR Healthcare's business requirements for a minimum of 99.9% availability and reduced latency, as well as technical requirements for secure and high-performance connections, consistent logging, and dynamic scaling, what should you do to reduce the attack surface?
A. Use a private cluster with a private endpoint with master authorized networks configured.
B. Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.
C. Use a private cluster with a public endpoint with master authorized networks configured.
D. Use a public cluster with master authorized networks enabled and firewall rules.