Google Professional Cloud Security Engineer
Get started today
Ultimate access to all questions.
You are designing the network architecture for a new 3-tier ecommerce application in Google Cloud that processes sensitive customer data. The design must establish strong security boundaries, enable secure remote maintenance for authorized third-party vendors, and adhere to the principle of least privilege. What is your recommended approach?
You are designing the network architecture for a new 3-tier ecommerce application in Google Cloud that processes sensitive customer data. The design must establish strong security boundaries, enable secure remote maintenance for authorized third-party vendors, and adhere to the principle of least privilege. What is your recommended approach?
Exam-Like
A
Create separate VPC networks for each tier. Use VPC peering between application tiers and other required VPCs. Provide vendors with SSH keys and root access only to the instances within the VPC for maintenance purposes.
B
Create a single VPC network and create different subnets for each tier. Create a new Google project specifically for the third-party vendors and grant the network admin role to the vendors. Deploy a VPN appliance and rely on the vendors’ configurations to secure third-party access.
Comments
Loading comments...