
Answer-first summary for fast verification
Answer: Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
Option A is the correct answer because it directly addresses the requirement by using firewall rules with network tags to restrict database access exclusively to the frontend application. This approach is efficient and aligns with Google Cloud best practices for micro-segmentation within a VPC. While option B (subnet isolation) is mentioned in the community discussion as potentially more secure when combined with firewall rules, the question specifically asks for the network design to ensure only the frontend application can access the database, and A explicitly implements this via firewall rules. Options C and D (separate VPCs with VPN or peering) are overkill for this scenario, as they introduce unnecessary complexity and cost without providing additional security benefits for internal traffic control within the same project. The community consensus, with 100% of answers favoring A and upvoted comments supporting it, reinforces that A is the optimal choice for this requirement.
Author: LeetQuiz Editorial Team
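The firewall design that option A describes, written as Terraform. This is an added example, not part of the original question or LeetQuiz's material; the tag names `frontend` and `database`, the `network` variable, the rule names and PostgreSQL port 5432 are assumptions.

```hcl
# Assumed input: self link or name of the VPC that hosts both tiers.
variable "network" {
  type = string
}

# Allow only instances tagged "frontend" to reach instances tagged "database".
# Lower priority number = evaluated first, so 900 wins over the deny at 1000.
resource "google_compute_firewall" "allow_frontend_to_db" {
  name      = "allow-frontend-to-db" # assumed name
  network   = var.network
  direction = "INGRESS"
  priority  = 900

  source_tags = ["frontend"] # assumed tag on the application VMs
  target_tags = ["database"] # assumed tag on the database VMs

  allow {
    protocol = "tcp"
    ports    = ["5432"] # assumed database port
  }
}

# Explicit deny for everything else aimed at the database tag. The VPC's
# implied deny-ingress rule sits at priority 65535, so any broader allow rule
# (for example default-allow-internal on the auto-created default network)
# would otherwise still admit other instances.
resource "google_compute_firewall" "deny_other_to_db" {
  name      = "deny-other-to-db" # assumed name
  network   = var.network
  direction = "INGRESS"
  priority  = 1000

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["database"]

  deny {
    protocol = "all"
  }
}
```

Anyone who can edit an instance can change its network tags, so the IAM permissions for setting tags on the frontend and database VMs need to be as restricted as the rules themselves.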
Your team needs to ensure that only the frontend application can access the backend database, with no network access from other instances. How should the network be designed to achieve this?
A. Create an ingress firewall rule to allow access only from the application to the database using firewall tags.
B. Create a different subnet for the frontend application and database to ensure network isolation.
C. Create two VPC networks, and connect the two networks using Cloud VPN gateways to ensure network isolation.
D. Create two VPC networks, and connect the two networks using VPC peering to ensure network isolation.