Google Cloud Professional Cloud Architect — Question 3

You are deploying an application on App Engine that needs to integrate with an on-premises database. For security purposes, your on-premises database must not be accessible through the public internet. What should you do?

Answer options

• A. Deploy your application on App Engine standard environment and use App Engine firewall rules to limit access to the open on-premises database.
• B. Deploy your application on App Engine standard environment and use Cloud VPN to limit access to the on-premises database.
• C. Deploy your application on App Engine flexible environment and use App Engine firewall rules to limit access to the on-premises database.
• D. Deploy your application on App Engine flexible environment and use Cloud VPN to limit access to the on-premises database.

Correct answer: D

Explanation

The correct answer is D because deploying on the App Engine flexible environment and using Cloud VPN allows secure connectivity to the on-premises database without exposing it to the public internet. The other options either use the standard environment, which is less suitable for this scenario, or rely on App Engine firewall rules, which do not provide the secure private connection that Cloud VPN offers.