Google Cloud Professional Cloud Security Engineer — Question 204

Your company is migrating a three-tier web application to Google Cloud. The application consists of a web frontend, an application backend, and a database. Due to regulatory requirements and existing on-premises infrastructure dependencies, you need to implement a hybrid cloud architecture. The web frontend will be hosted on Google Cloud, while the application backend and the database will remain on-premises initially. You need to ensure secure and efficient communication between the cloud-based frontend and the on-premises backend and database, minimizing latency and maximizing availability. What should you do?

Answer options

• A. Establish a Dedicated Interconnect connection between the Google Cloud VPC network and the on-premises network. Configure firewall rules to allow communication between the three tiers.
• B. Establish a direct internet connection between the Google Cloud VPC network hosting the web frontend and the on-premises network that hosts the backend and database. Configure firewall rules to allow communication between the three tiers.
• C. Replicate the on-premises backend and database to Google Cloud. Use a hybrid connectivity network endpoint group for the primary. Backup to the zonal network endpoint group.
• D. Use a highly-available Cloud VPN connection over the public internet to connect the Google Cloud VPC network to the on-premises network.

Correct answer: A

Explanation

The correct answer is A because establishing a Dedicated Interconnect provides a high-bandwidth, low-latency connection that is secure and meets regulatory requirements. Option B is less effective since direct internet connections are more susceptible to latency and security issues. Option C involves unnecessary replication of resources and complexity, while Option D, although secure, may not provide the same level of performance and reliability as a Dedicated Interconnect.