
Explanation:
To restrict access to your Google Cloud load-balanced application to specific IP addresses, create a firewall rule that targets the backend instances directly. This works because the backend instances receive the original client IP addresses when using regional (Network) load balancers. Option C correctly suggests tagging the backend instances and creating a firewall rule with the target tag and the source IP range of the allowed clients and Google health check IP ranges. VPC Service Controls, mentioned in options A and B, are not suitable for this purpose because they are designed for API and data exfiltration protection, not for filtering network traffic based on IP addresses. Option D is incorrect because it uses labels instead of tags for firewall targeting, which is not the correct method for this scenario.
How can you limit access to your Google Cloud load-balanced application to only allow connections from specified IP addresses?
A. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
C. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
D. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.