Google Cloud Professional Cloud Database Engineer — Question 137

You are planning to migrate a 10 TB relational database from an on-premises environment to Cloud SQL for PostgreSQL. The database contains sensitive customer information. You want to follow Google-recommended practices to keep data secure during the migration. What should you do? (Choose two.)

Answer options

• A. Configure Cloud SQL for automatic patching, and enable binary logging.
• B. Establish a Private Service Connect connection between your on-premises environment and the Cloud SQL instance.
• C. Use an external IP address for the Cloud SQL instance, and configure firewall rules.
• D. Set up Identity and Access Management (IAM) roles to restrict access with Cloud SQL with an internal IP address.
• E. Leverage Storage Transfer Service with client-side encryption.

Correct answer: B, D

Explanation

Option B is correct because establishing a Private Service Connect connection enhances security by keeping the data transfer within Google's network, minimizing exposure to the internet. Option D is also correct as configuring IAM roles with internal IP access restricts access to authorized users only, further securing sensitive information. Options A, C, and E do not provide the same level of security for the migration process as the chosen answers.