
Answer-first summary for fast verification
Answer: 1. Create two service accounts named sa-app and sa-db. 2. Assign the sa-app service account to the application tier servers and the sa-db service account to the database tier servers. 3. Implement an ingress firewall rule to permit network traffic from the source service account sa-app to the target service account sa-db.
Option A is correct because it utilizes service accounts to precisely control access between the application and database servers. By associating the sa-app service account with the application servers and the sa-db service account with the database servers, you can ensure that only traffic from the application servers (source service account sa-app) is permitted to reach the database servers (target service account sa-db). An ingress firewall rule is then created to specifically allow this traffic. Options B, C, and D are incorrect as they either use network tags inappropriately for access control or fail to restrict traffic adequately between the specified servers. For more information, refer to Google Cloud's documentation on service accounts and firewall rules.
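The three steps of the answer written as gcloud commands (an added example, not part of the original quiz page). The project ID, zone, instance names, rule name and database port are assumed placeholders; with DRY_RUN=1, the default, the commands are printed rather than executed.

```shell
# Assumptions (not from the page): PROJECT_ID, ZONE, DB_PORT, the instance
# names app-vm-1 / db-vm-1 and the rule name allow-sa-app-to-sa-db.
PROJECT_ID="${PROJECT_ID:-example-project}"   # placeholder project ID
ZONE="${ZONE:-us-central1-a}"                 # placeholder zone
DB_PORT="${DB_PORT:-tcp:5432}"                # assumed database port
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands only

# Full e-mail address of a service account in this project.
sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$PROJECT_ID"; }

# Print the command; execute it only when DRY_RUN=0.
run() {
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Step 1: create the two service accounts.
create_service_accounts() {
  for sa in sa-app sa-db; do
    run gcloud iam service-accounts create "$sa" --project="$PROJECT_ID"
  done
}

# Step 2: attach a service account to a VM (the VM must be stopped first).
assign_service_account() {  # usage: assign_service_account INSTANCE SA_NAME
  run gcloud compute instances set-service-account "$1" \
    --project="$PROJECT_ID" --zone="$ZONE" \
    --service-account="$(sa_email "$2")"
}

# Step 3: ingress rule matched on source and target service accounts.
create_app_to_db_rule() {
  run gcloud compute firewall-rules create allow-sa-app-to-sa-db \
    --project="$PROJECT_ID" --network=default \
    --direction=INGRESS --action=ALLOW --rules="$DB_PORT" \
    --source-service-accounts="$(sa_email sa-app)" \
    --target-service-accounts="$(sa_email sa-db)"
}

# Check: list the rules on the default network to spot broader allow rules
# (for example default-allow-internal) that would still admit other sources.
list_default_rules() {
  run gcloud compute firewall-rules list --project="$PROJECT_ID" \
    --filter="network:default"
}

create_service_accounts
assign_service_account app-vm-1 sa-app
assign_service_account db-vm-1 sa-db
create_app_to_db_rule
list_default_rules
```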
Author: LeetQuiz Editorial Team
You have developed a 2-tier application on Google Cloud, consisting of an application tier and a database tier. The application tier operates in subnet-a, while the database tier is in subnet-b, both within the default VPC. What is the best method to configure a firewall rule that ensures only the application servers can communicate with the database servers?
A
B
C
D