You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4The correct answer to the question is B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
Explanation: To restrict access to a Google Cloud load-balanced application to specific IP addresses, we need to ensure that only traffic from those allowed IP addresses is allowed to reach the backend instances. The most secure way to do this is to use VPC Service Controls, which is a managed service that allows you to create a secure perimeter around Google Cloud resources.
Option A suggests using Access Context Manager feature of VPC Service Controls to create a secure perimeter and restrict access to the source IP range of allowed clients and Google health check IP ranges. This option is not the best choice as Access Context Manager is used for fine-grained access control to specific resources within a project, whereas VPC Service Controls provide a secure perimeter around Google Cloud resources.
Option C suggests tagging the backend instances and creating a firewall rule with a target tag "application" and source IP range of allowed clients and Google health check IP ranges. However, this option does not take into account the load balancer, which distributes traffic among backend instances. Therefore, it is not the best option.
Option D suggests labeling the backend instances and creating a firewall rule with a target label "application" and source IP range of allowed clients and Google health check IP ranges. This option is similar to option C and does not take into account the load balancer.
Option B is the best option because it suggests creating a secure perimeter using VPC Service Controls and marking the load balancer as a service restricted to the source IP range of allowed clients and Google health check IP ranges. This option ensures that only traffic from allowed IP addresses is allowed to reach the load balancer and then forwarded to the backend instances.