Google Cloud Professional Cloud Developer — Question 98

Your security team is auditing all deployed applications running in Google Kubernetes Engine. After completing the audit, your team discovers that some of the applications send traffic within the cluster in clear text. You need to ensure that all application traffic is encrypted as quickly as possible while minimizing changes to your applications and maintaining support from Google. What should you do?

Answer options

• A. Use Network Policies to block traffic between applications.
• B. Install Istio, enable proxy injection on your application namespace, and then enable mTLS.
• C. Define Trusted Network ranges within the application, and configure the applications to allow traffic only from those networks.
• D. Use an automated process to request SSL Certificates for your applications from Let's Encrypt and add them to your applications.

Correct answer: B

Explanation

The correct answer is B because installing Istio and enabling mTLS provides a comprehensive solution for encrypting traffic with minimal changes to existing applications. Option A is incorrect as it only restricts traffic without providing encryption. Option C also does not ensure traffic encryption, and option D involves additional complexity and potential management overhead compared to the integrated solution offered by Istio.