Answer-first summary for fast verification
Answer: Ensure that the Cloud SQL instance doesn’t have a public IP address. Configure Cloud Run to use Cloud SQL Auth Proxy to connect to the Cloud SQL instance.
Option B is optimal because it ensures the Cloud SQL instance has no public IP address, eliminating external attack vectors, and uses Cloud SQL Auth Proxy, which automatically handles authentication and encryption without requiring manual certificate management or IP whitelisting. This approach minimizes management overhead by leveraging Google's managed service for secure connections. Option A is insecure due to the public IP. Option C adds management overhead with client certificates. Option D is impractical as Cloud Run uses dynamic IP addresses, making authorized network configuration unreliable.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization is deploying a new Python application on Cloud Run that requires a connection to a MySQL database on a Cloud SQL instance in a different Google Cloud project. You need to secure this connection while minimizing management overhead. What should you do?
A
Use a public IP address for the Cloud SQL instance. Integrate the Cloud SQL Python Connector into your application code to connect to the Cloud SQL instance.
B
Ensure that the Cloud SQL instance doesn’t have a public IP address. Configure Cloud Run to use Cloud SQL Auth Proxy to connect to the Cloud SQL instance.
C
Ensure that the Cloud SQL instance doesn't have a public IP address. Enforce SSL/TLS. Require the use of a trusted client certificate to connect to the Cloud SQL instance.
D
Ensure that the Cloud SQL instance doesn’t have a public IP address. Configure the application's IP address as an authorized network to connect to the Cloud SQL instance.
No comments yet.