Google Professional Cloud Developer


How should you configure Compute Engine instances for a web application accessible via HTTP/HTTPS while enabling secure SSH access from a remote laptop for maintenance, following Google-recommended best practices?




Explanation:

The best practice for secure access involves minimizing public exposure of instances. Option C uses Cloud Identity-Aware Proxy (IAP) for SSH, which allows secure access without public IPs on instances, and an HTTP(S) load balancer for web traffic. IAP is a Google-recommended method for SSH access, enhancing security. Option D's bastion host requires managing public IPs and firewall rules, which is less secure. Option B's open firewall rules are a security risk. Option A's TCP proxy is unsuitable for HTTP(S) traffic. Thus, C is correct.