Google Cloud Professional Cloud Security Engineer Practice Exam


Prepare for the Google Cloud Professional Cloud Security Engineer Exam with our interactive quiz. Study with flashcards and multiple-choice questions, complete with hints and explanations. Ace your exam with confidence!



How can you restrict access from a managed instance group front end to a MySQL VM on a specific port?

  1. Use a Cloud Function for access control

  2. Configure an ingress firewall rule for the specific port

  3. Implement IAM roles for both groups

  4. Assign a public IP to the MySQL VM

The correct answer is: Configure an ingress firewall rule for the specific port

Restricting access from a managed instance group front end to a MySQL VM on a specific port is effectively achieved by configuring an ingress firewall rule for that port. Firewall rules in Google Cloud allow you to specify which incoming traffic is permitted to reach various resources within your virtual private cloud (VPC). By creating an ingress rule, you can define which sources are allowed to communicate with the MySQL VM and specify the exact port (typically, port 3306 for MySQL). This ensures that only authorized traffic from the managed instance group can reach the database, enhancing security by preventing unwanted connections from other sources.

Using a Cloud Function for access control would not directly manage network traffic; instead, it would typically be used for event-driven tasks or automation. Implementing IAM roles generally focuses on resource-specific access controls at a higher, API level rather than managing network protocols and ports. Assigning a public IP to the MySQL VM could expose the database to all internet traffic, which is contrary to the goal of restricting access.

Thus, configuring an ingress firewall rule is the most appropriate and effective method for controlling access to the MySQL VM on a specified port.