Practice Test 1 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
You are the network engineer in a company that has deployed application on Google Kubernetes Engine. Due a recent security breach, the company wants to enforce selected restrictions on the inter-pod communication within the cluster.
How can you achieve this?
A. Implement firewall rules to restrict traffic in the GKE cluster
B. Configure network policies in the GKE cluster
C. Configure VPC Service controls to restrict traffic flow within the GKE cluster
D. Create and apply Cloud Armor policies to restrict traffic flow within the GKE cluster
Correct Answer: B
- Option A is incorrect. Firewall rules are applicable only at the network (VPC) layer, it cannot be used to restrict inter-pod communications in a cluster.
- Option B is correct. Network policies allow you to limit connections between Pods. Therefore, using network policies provide better security by reducing the compromise radius.
- Option C is incorrect. VPC Service controls is used at the organization level and cannot be used to restrict inter-pod communications in a cluster.
- Option D is incorrect. Cloud Armor policies are used at the end of the network to provide protection against DDoS attacks and cannot be used to restrict inter-pod communications in a cluster.
Reference:
Comments are closed, but trackbacks and pingbacks are open.