Answer-first summary for fast verification
Answer: Deploy a standard private cluster and enable shielded nodes.
Option A is correct because deploying a standard private cluster ensures nodes are not accessible from the internet by default, and enabling shielded nodes provides verifiable node identity and integrity. This approach also aligns with Google's recommended practices for cost efficiency and control. Options B and C are incorrect as autopilot clusters, whether public or private, do not allow restricting internet access to nodes. Option D is incorrect because while shielded nodes offer identity and integrity verification, a public cluster does not meet the requirement of nodes being inaccessible from the internet.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are developing a banking application on Google Kubernetes Engine. Your security team mandates the following for the cluster: Nodes must have verifiable identity and integrity, and should not be reachable from the internet. How can you meet these requirements while minimizing operational costs?
A
Deploy a standard private cluster and enable shielded nodes.
B
Deploy a public autopilot cluster.
C
Deploy a private autopilot cluster.
D
Deploy a standard public cluster and enable shielded nodes.