
Answer-first summary for fast verification
Answer: Set up VPC Network Peering between Project A and Project B. Create a Compute Engine instance without external IP address in Project B on the peered subnet to serve as a proxy server to the Cloud SQL database.
## Explanation

**Option C is correct** because it provides a secure, private connectivity solution without exposing data to the public internet:

- **VPC Network Peering** establishes direct network connectivity between Project A and Project B
- **Compute Engine instance without external IP** in Project B acts as a proxy server within the peered subnet
- **Private connectivity** is maintained throughout the data flow
- **Cloud SQL Auth proxy** can be installed on the proxy server to facilitate secure database connections

**Why other options are incorrect:**

- **Option A**: VPC Network Peering alone doesn't enable connectivity to Cloud SQL instances with private IP addresses. You need additional configuration like private services access and proper subnet allocation.
- **Option B**: Cloud NAT doesn't support connectivity to Cloud SQL instances with private IP addresses. Cloud NAT only provides outbound connectivity for resources without public IPs, but doesn't solve the private Cloud SQL connectivity issue.
- **Option D**: Adding external IPs as authorized networks would expose the Cloud SQL instance to the public internet, violating the security requirement. This approach also doesn't work for Cloud SQL instances with private IP addresses.

This solution maintains data privacy while enabling the Dataflow pipeline in Project A to securely access the Cloud SQL instance in Project B through the proxy server over the peered network.

Author: LeetQuiz.
NO.16
You are developing an Apache Beam pipeline to extract data from a Cloud SQL instance by using JdbcIO. You have two projects running in Google Cloud. The pipeline will be deployed and executed on Dataflow in Project A. The Cloud SQL instance is running in Project B and does not have a public IP address. After deploying the pipeline, you noticed that the pipeline failed to extract data from the Cloud SQL instance due to connection failure. You verified that VPC Service Controls and shared VPC are not in use in these projects. You want to resolve this error while ensuring that the data does not go through the public internet. What should you do?
A. Set up VPC Network Peering between Project A and Project B. Add a firewall rule to allow the peered subnet range to access all instances on the network.

B. Turn off the external IP addresses on the Dataflow worker. Enable Cloud NAT in Project A.

C. Set up VPC Network Peering between Project A and Project B. Create a Compute Engine instance without external IP address in Project B on the peered subnet to serve as a proxy server to the Cloud SQL database.

D. Add the external IP addresses of the Dataflow worker as authorized networks in the Cloud SQL instance.