Answer-first summary for fast verification
Answer: Disable and remove the external IP address assignment.
To improve network security for the Cloud SQL instance in this scenario, the best practice is to disable and remove the external IP address assignment. This is because the application connecting to the database resides on a Compute Engine VM in the same project and VPC network, which means they can communicate over the internal (private) IP addresses. Removing the external IP address reduces the attack surface by eliminating public access to the database. Option A is incorrect because the internal IP address is necessary for communication within the same VPC network. Option B is incorrect because Private Google Access is not needed when both resources are in the same VPC network and can communicate internally. Option C is incorrect because specifying an authorized network with the CIDR range of the VM is unnecessary when both are in the same VPC network and using internal IPs for communication is more secure.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you enhance network security when configuring a Cloud SQL instance and a Compute Engine VM in the same project, both using the same VPC network and having public and private IP addresses?
A
Disable and remove the internal IP address assignment.
B
Disable both the external IP address and the internal IP address, and instead rely on Private Google Access.
C
Specify an authorized network with the CIDR range of the VM.
D
Disable and remove the external IP address assignment.
No comments yet.