Google Cloud Professional Cloud Security Engineer Practice Exam

To minimize internet exposure for Google Cloud VMs that host web services, what should you implement?

• A. Internal Load Balancer
• B. External HTTP(S) Load Balancer
• C. VPN Connection
• D. Firewall Rules

The correct answer is: External HTTP(S) Load Balancer

Minimizing internet exposure for Google Cloud VMs hosting web services requires implementing measures that control the traffic accessing those services. An External HTTP(S) Load Balancer routes incoming traffic to the backend services while serving as a point of control for that traffic. By utilizing an external load balancer, you can manage public internet traffic more effectively and implement necessary security features, such as SSL termination and advanced traffic management capabilities. When using an External HTTP(S) Load Balancer, you can leverage its built-in features, such as HTTPS support, to protect data in transit, and it also supports globally distributed deployments for performance improvements. This approach provides a controlled entry point for web traffic while maintaining security and performance. It allows for features like backend authentication and integration with other security services in Google Cloud, which helps further to minimize direct internet exposure for the VMs. Other options may not address the problem effectively. For instance, an Internal Load Balancer would only distribute traffic within a Virtual Private Cloud (VPC) and therefore would not be appropriate for public-facing web services. A VPN Connection is geared toward secure connectivity between environments rather than handling direct internet traffic for web services, and while Firewall Rules are essential for controlling access, they don't directly minimize internet exposure on their own