Google Cloud Professional Cloud Security Engineer — Question 188
Your organization is implementing a new Python application that will be deployed on Cloud Run. The application needs to connect to a MySQL database that runs on Cloud SQL in a different project in your Google Cloud organization. You must secure the connection from the application to the Cloud SQL instance while minimizing management overhead. What should you do?
Answer options
- A. Use a public IP address for the Cloud SQL instance. Integrate the Cloud SQL Python Connector into your application code to connect to the Cloud SQL instance.
- B. Ensure that the Cloud SQL instance doesn’t have a public IP address. Configure Cloud Run to use Cloud SQL Auth Proxy to connect to the Cloud SQL instance.
- C. Ensure that the Cloud SQL instance doesn't have a public IP address. Enforce SSL/TLS. Require the use of a trusted client certificate to connect to the Cloud SQL instance.
- D. Ensure that the Cloud SQL instance doesn’t have a public IP address. Configure the application's IP address as an authorized network to connect to the Cloud SQL instance.
Correct answer: B
Explanation
The correct answer is B because Cloud SQL Auth Proxy provides a secure connection without exposing the database to the public internet, which minimizes management overhead. Options A and D involve using a public IP, which is less secure, while option C adds unnecessary complexity by enforcing SSL/TLS and client certificates when the Auth Proxy could handle this more efficiently.