
Answer-first summary for fast verification
Answer: Use a private cluster with a private endpoint with master authorized networks configured.
The question asks to reduce the attack surface for EHR Healthcare's GKE architecture following Google best practices. Option A (private cluster with private endpoint and master authorized networks) is the most secure configuration as it prevents all internet access to the control plane, which is critical for healthcare data protection. The community discussion strongly supports A (66% votes, highest upvoted comments) with references to Google documentation stating this is the most secure option when using Cloud Interconnect (which EHR has). Option C (private cluster with public endpoint) is less secure as it exposes the control plane to the internet, albeit with restrictions. Options B and D involve public clusters, which inherently increase the attack surface. The consensus is that A provides the highest security by keeping the control plane entirely private while allowing authorized access via Interconnect.
Author: LeetQuiz Editorial Team
As the cloud architect for EHR Healthcare, you need to design a Google Kubernetes Engine network architecture that adheres to Google best practices. Based on the case study's business and technical requirements, what specific actions should you take to minimize the attack surface?
A. Use a private cluster with a private endpoint with master authorized networks configured.
B. Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.
C. Use a private cluster with a public endpoint with master authorized networks configured.
D. Use a public cluster with master authorized networks enabled and firewall rules.