Google Cloud Professional Cloud Network Engineer — Question 34
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?
Answer options
- A. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
- B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
- C. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
- D. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.
Correct answer: C
Explanation
The correct answer is C: tagging the backend instances lets you create a firewall rule that targets exactly those instances by their tag and admits traffic only from the allowed source IP ranges. Option A incorrectly references Access Context Manager, which is not necessary for this scenario, while B suggests marking the load balancer itself, which does not directly address the backend instances. Option D uses "label" instead of "tag," and labels are not applicable for setting up firewall rules in this context.