Restrict Access to Google Cloud Load-Balanced Application: IP Address Restrictions

Question

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.

What should you do?

Answers

Explanations

A. B. C. D.

C.

https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4

The correct answer to the question is B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.

Explanation: To restrict access to a Google Cloud load-balanced application to specific IP addresses, we need to ensure that only traffic from the allowed IP addresses reaches the backend instances. The most secure way to do this is to use VPC Service Controls, a managed service that lets you create a secure perimeter around Google Cloud resources.

Option A suggests using the Access Context Manager feature of VPC Service Controls to create a secure perimeter and restrict access to the source IP range of the allowed clients and the Google health check IP ranges. This option is not the best choice because Access Context Manager is used for fine-grained access control to specific resources within a project, whereas VPC Service Controls provides a secure perimeter around Google Cloud resources.

Option C suggests tagging the backend instances and creating a firewall rule with the target tag "application" and the source IP range of the allowed clients and the Google health check IP ranges. However, this option does not take into account the load balancer, which distributes traffic among the backend instances. Therefore, it is not the best option.

Option D suggests labeling the backend instances and creating a firewall rule with the target label "application" and the source IP range of the allowed clients and the Google health check IP ranges. This option is similar to option C and does not take into account the load balancer.

Option B is the best option because it suggests creating a secure perimeter using VPC Service Controls and marking the load balancer as a service restricted to the source IP range of the allowed clients and the Google health check IP ranges. This option ensures that only traffic from the allowed IP addresses reaches the load balancer and is then forwarded to the backend instances.