Google Cloud Professional Cloud Security Engineer Practice Exam

What two actions should be taken to securely configure communication between Web and App servers on Google Cloud?

• A. Deploy with public IPs and enable HTTP traffic
• B. Create an allow VPC firewall rule and deploy with instance templates
• C. Use Custom SSH keys for secure access
• D. Enable Cloud DNS for automatic updates

The correct answer is: Create an allow VPC firewall rule and deploy with instance templates

The correct choice focuses on the importance of network security and controlled access within Google Cloud. Creating an allow VPC firewall rule ensures that only authorized traffic is permitted between the Web and App servers. This is essential in a cloud environment to prevent unauthorized access and enhance overall security. By deploying with instance templates, you standardize the configuration of your instances, making it easier to manage and maintain security policies across multiple deployments. This is crucial for maintaining consistency in security configurations and reducing the likelihood of misconfigurations that could expose your servers to risks. In contrast, using public IPs and enabling HTTP traffic does not provide a secure means of communication, as it leaves the servers exposed to the public internet, increasing vulnerability to attacks. Utilizing custom SSH keys is related to securing access to instances but doesn’t address the communication security between servers directly, thus not being the best choice for this scenario. Enabling Cloud DNS pertains to resolving domain names and does not have a direct impact on secure communication between Web and App servers. While useful in certain contexts, it does not inherently enhance the security of the server-to-server communication.