Google Cloud Professional Cloud Developer — Question 315

Your team plans to use AlloyDB as their database backend for an upcoming application release. Your application is currently hosted in a different project and network than the AlloyDB instances. You need to securely connect your application to the AlloyDB instance while keeping the projects isolated. You want to minimize additional operations and follow Google-recommended practices. How should you configure the network for database connectivity?

Answer options

• A. Provision a Shared VPC project where both the application project and the AlloyDB project are service projects.
• B. Use AlloyDB Auth Proxy and configure the application project’s firewall to allow connections to port 5433.
• C. Provision a service account from the AlloyDB project. Use this service account’s JSON key file as the --credentials-file to connect to the AlloyDB instance.
• D. Ask the database team to provision AlloyDB databases in the same project and network as the application.

Correct answer: B

Explanation

The correct answer, B, leverages the AlloyDB Auth Proxy, which provides a secure connection method without merging the projects' networks. Options A and D would compromise isolation by suggesting shared networks, while option C does not address the need for secure connectivity without merging projects.