Google Cloud Professional Cloud Developer — Question 173

Your team is responsible for maintaining an application that aggregates news articles from many different sources. Your monitoring dashboard contains publicly accessible real-time reports and runs on a Compute Engine instance as a web application. External stakeholders and analysts need to access these reports via a secure channel without authentication. How should you configure this secure channel?

Answer options

• A. Add a public IP address to the instance. Use the service account key of the instance to encrypt the traffic.
• B. Use Cloud Scheduler to trigger Cloud Build every hour to create an export from the reports. Store the reports in a public Cloud Storage bucket.
• C. Add an HTTP(S) load balancer in front of the monitoring dashboard. Configure Identity-Aware Proxy to secure the communication channel.
• D. Add an HTTP(S) load balancer in front of the monitoring dashboard. Set up a Google-managed SSL certificate on the load balancer for traffic encryption.

Correct answer: D

Explanation

Answer D is correct because adding an HTTP(S) load balancer and a Google-managed SSL certificate ensures that all traffic to the monitoring dashboard is encrypted, providing a secure channel for external stakeholders. Option A does not provide adequate security without proper authentication. Option B makes the reports publicly available, which contradicts the requirement for a secure channel. Option C, while it adds security, still requires authentication which is not acceptable in this scenario.