Google Cloud Professional Cloud Database Engineer — Question 129
You have a non-critical business application running on Google Kubernetes Engine (GKE) in the app-dev VPC. You have created an AlloyDB cluster with Private Service Access (PSA) and no public IP address in the db-dev VPC. You want your application to securely connect to AlloyDB in a cost-effective way. What should you do?
Answer options
- A. Set up a high availability VPN between the app-dev and db-dev VPCs. Connect the application directly to AlloyDB.
- B. Connect by using the private IP address of the AlloyDB cluster directly from the application.
- C. Connect by using AlloyDB Auth Proxy installed in the GKE cluster.
- D. Install a SOCKS proxy in a VM in the db-dev VPC. Install AlloyDB Auth Proxy in your GKE cluster, and connect to the AlloyDB cluster through the SOCKS server and port.
Correct answer: C
Explanation
The correct answer is C because the AlloyDB Auth Proxy provides secure authentication and connection management without exposing the database to the public internet. Option A is unnecessary because a VPN introduces additional complexity and cost. Option B does not provide the security benefits offered by the proxy. Option D complicates the setup with an unnecessary SOCKS proxy, increasing the potential for misconfiguration.