
Answer-first summary for fast verification
Answer: Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic.
The best practice for secure access involves minimizing public exposure of instances. Option C uses Cloud Identity-Aware Proxy (IAP) for SSH, which allows secure access without public IPs on instances, and an HTTP(S) load balancer for web traffic. IAP is a Google-recommended method for SSH access, enhancing security. Option D's bastion host requires managing public IPs and firewall rules, which is less secure. Option B's open firewall rules are a security risk. Option A's TCP proxy is unsuitable for HTTP(S) traffic. Thus, C is correct.
Author: LeetQuiz Editorial Team
How should you configure Compute Engine instances for a web application accessible via HTTP/HTTPS while enabling secure SSH access from a remote laptop for maintenance, following Google-recommended best practices?
A. Set up a backend with Compute Engine web server instances with a private IP address behind a TCP proxy load balancer.
B. Configure the firewall rules to allow all ingress traffic to connect to the Compute Engine web servers, with each server having a unique external IP address.
C. Configure Cloud Identity-Aware Proxy API for SSH access. Then configure the Compute Engine servers with private IP addresses behind an HTTP(s) load balancer for the application web traffic.
D. Set up a backend with Compute Engine web server instances with a private IP address behind an HTTP(S) load balancer. Set up a bastion host with a public IP address and open firewall ports. Connect to the web instances using the bastion host.