Exam Professional Cloud Developer
Question 81

Case study -

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Company Overview -

HipLocal is a community application designed to facilitate communication between people in close proximity. It is used for event planning and organizing sporting events, and for businesses to connect with their local communities. HipLocal launched recently in a few neighborhoods in Dallas and is rapidly growing into a global phenomenon. Its unique style of hyper-local community communication and business outreach is in demand around the world.

Executive Statement -

We are the number one local community app; it's time to take our local community services global. Our venture capital investors want to see rapid growth and the same great experience for new local and virtual communities that come online, whether their members are 10 or 10000 miles away from each other.

Solution Concept -

HipLocal wants to expand their existing service, with updated functionality, in new regions to better serve their global customers. They want to hire and train a new team to support these regions in their time zones. They will need to ensure that the application scales smoothly and provides clear uptime data.

Existing Technical Environment -

HipLocal's environment is a mix of on-premises hardware and infrastructure running in Google Cloud Platform. The HipLocal team understands their application well, but has limited experience in global scale applications. Their existing technical environment is as follows:

* Existing APIs run on Compute Engine virtual machine instances hosted in GCP.

* State is stored in a single instance MySQL database in GCP.

* Data is exported to an on-premises Teradata/Vertica data warehouse.

* Data analytics is performed in an on-premises Hadoop environment.

* The application has no logging.

* There are basic indicators of uptime; alerts are frequently fired when the APIs are unresponsive.

Business Requirements -

HipLocal's investors want to expand their footprint and support the increase in demand they are seeing. Their requirements are:

* Expand availability of the application to new regions.

* Increase the number of concurrent users that can be supported.

* Ensure a consistent experience for users when they travel to different regions.

* Obtain user activity metrics to better understand how to monetize their product.

* Ensure compliance with regulations in the new regions (for example, GDPR).

* Reduce infrastructure management time and cost.

* Adopt the Google-recommended practices for cloud computing.

Technical Requirements -

* The application and backend must provide usage metrics and monitoring.

* APIs require strong authentication and authorization.

* Logging must be increased, and data should be stored in a cloud analytics platform.

* Move to serverless architecture to facilitate elastic scaling.

* Provide authorized access to internal apps in a secure manner.

HipLocal is configuring their access controls.

Which firewall configuration should they implement?

    Correct Answer: C

    To ensure secure access while maintaining necessary functionality, it is best to allow traffic on port 443 for a specific tag. This approach supports HTTPS communication, which is vital for secure web traffic, and provides a granular level of control by specifying which resources can be accessed over this port. Blocking all traffic on port 443 would disrupt HTTPS communication, allowing all traffic would be insecure, and allowing all traffic on port 443 without specificity would expose the network to unnecessary risk. Therefore, allowing traffic on port 443 for a specific tag strikes the balance between accessibility and security.
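An added example, not part of the original page or of Google's documentation: a small Python model of VPC ingress firewall evaluation that shows which VMs an internet client can reach on port 443 when the allow rule targets a tag (option C) and when it targets every VM (option D). The rule dictionaries follow the field names of the JSON printed by `gcloud compute firewall-rules list --format=json`; the rule names, VM names, tags and client address are constructed, and source tags and service-account targets are not modelled.

```python
import ipaddress

def covers_port(entry, port, proto="tcp"):
    """True if one allowed/denied entry covers proto/port ('all', no port list, ranges)."""
    if entry.get("IPProtocol") not in (proto, "all"):
        return False
    ports = entry.get("ports")
    if not ports:  # no port list means every port of that protocol
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rule_matches(rule, vm_tags, client_ip, port):
    """Does this ingress rule apply to a packet from client_ip to a VM with vm_tags?"""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if rule.get("targetServiceAccounts"):  # service-account targets are not modelled
        return False
    targets = rule.get("targetTags")
    if targets and not set(targets) & set(vm_tags):  # no targetTags = every VM
        return False
    src = ipaddress.ip_address(client_ip)
    if not any(src in ipaddress.ip_network(c) for c in rule.get("sourceRanges", [])):
        return False
    entries = rule.get("allowed") or rule.get("denied") or []
    return any(covers_port(e, port) for e in entries)

def ingress_allowed(rules, vm_tags, client_ip, port=443):
    """Lowest priority number wins, deny beats allow on a tie, no match = implied deny."""
    hits = [r for r in rules if rule_matches(r, vm_tags, client_ip, port)]
    best = min(hits, key=lambda r: (r.get("priority", 1000), "allowed" in r), default=None)
    return best is not None and "allowed" in best

def exposed_vms(rules, vms, client_ip="203.0.113.10", port=443):
    return sorted(name for name, tags in vms.items()
                  if ingress_allowed(rules, tags, client_ip, port))

# Constructed data: rule names, VM names and the tag "https-server" are made up.
HTTPS = [{"IPProtocol": "tcp", "ports": ["443"]}]
OPTION_C = [{"name": "allow-https-tagged", "direction": "INGRESS", "priority": 1000,
             "sourceRanges": ["0.0.0.0/0"], "targetTags": ["https-server"], "allowed": HTTPS}]
OPTION_D = [{"name": "allow-https-all", "direction": "INGRESS", "priority": 1000,
             "sourceRanges": ["0.0.0.0/0"], "allowed": HTTPS}]
VMS = {"api-frontend": ["https-server"], "batch-worker": [], "internal-admin": ["admin"]}
if __name__ == "__main__":
    print("C:", exposed_vms(OPTION_C, VMS), "D:", exposed_vms(OPTION_D, VMS))
```

With the tag-targeted rule only the VM carrying the tag accepts HTTPS from outside; the untargeted rule opens port 443 on every VM in the network, including ones never meant to serve external traffic.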

Discussion
[Removed] Option: C

It depends on which authentication we are talking about. If it is authentication to an internal app, the answer is C (with a specific tag). If it is authentication to 'the' app that HipLocal offers to general users, the answer is D (with a tag, all users outside that tag will be rejected). It is not clear to me which tag we are talking about here.

syu31svc Option: C

Port 443 -> HTTPS. Blocking traffic on 443 does not make sense, so A is wrong. Allow all traffic is definitely not secure, so B is out too. Between C and D, I'll take C.

syu31svc

On second thought, the correct answer is D: as the application needs to be exposed externally, port 443 can be opened for all traffic.

p4

I would take C, to use tags as well, so that only traffic to selected VMs is allowed from outside. Probably you don't want to expose every VM via port 443? https://cloud.google.com/vpc/docs/add-remove-network-tags

thewalker Option: C

The best answer is C. Allow traffic on port 443 for a specific tag. Here's why:

Security: Blocking all traffic on port 443 (option A) would prevent HTTPS communication, which is essential for secure web traffic. Allowing all traffic (option B) would be extremely insecure and leave the network vulnerable to attacks. Allowing all traffic on port 443 (option D) would also be insecure, as it would allow any device to access the network on that port.

Granular Control: Using tags to control access on port 443 (option C) provides a granular and secure approach. HipLocal can create a specific tag for authorized devices or services and only allow traffic from those tagged resources on port 443. This ensures that only trusted entities can access the network over HTTPS.

thewalker

Example: HipLocal could create a tag called "trusted-services" and apply it to their web servers and load balancers. They could then configure their firewall to allow traffic on port 443 only from resources with the "trusted-services" tag. This would prevent unauthorized access to their network while allowing legitimate HTTPS traffic.

In summary: Option C provides the most secure and flexible approach to configuring HipLocal's firewall, allowing them to control access to their network on port 443 while maintaining security.

Rajan Option: C

C is correct

closer89 Option: C

The app is running on Compute Engine. I assume nginx is running on the compute instance, and you need to expose 443 and 80 for the network tag.

tomato123 Option: C

C is correct

dishum Option: C

C is correct