Google Cloud Professional Cloud Database Engineer — Question 50

You are configuring the networking of a Cloud SQL instance. The only application that connects to this database resides on a Compute Engine VM in the same project as the Cloud SQL instance. The VM and the Cloud SQL instance both use the same VPC network, and both have an external (public) IP address and an internal (private) IP address. You want to improve network security. What should you do?

Answer options

• A. Disable and remove the internal IP address assignment.
• B. Disable both the external IP address and the internal IP address, and instead rely on Private Google Access.
• C. Specify an authorized network with the CIDR range of the VM.
• D. Disable and remove the external IP address assignment.

Correct answer: D

Explanation

The correct answer is D because removing the external IP address enhances security by preventing direct access to the Cloud SQL instance from the internet, ensuring that access is only possible through the internal network. Options A and B would either remove necessary internal access or rely on Private Google Access, which is not required in this scenario. Option C does not address the security concern effectively as it does not eliminate the external IP exposure.