Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should flow through the web to the API tier and then on to the database tier. Traffic should not flow between the web and the database tier. How should you configure the network?
Choose an answer
Tap an option to check your answer.
Correct answer: Add tags to each tier and set up firewall rules to allow the desired traffic flow.
Why this is the answer
The correct approach is to add tags to each tier and set up firewall rules. Google Cloud firewall rules can be applied to instances based on network tags, allowing precise control over traffic flow. By tagging each tier (e.g., web-tier, api-tier, db-tier), you can create rules that explicitly permit traffic from web-tier to api-tier, and from api-tier to db-tier, while denying direct traffic from web-tier to db-tier. Adding each tier to a different subnetwork would provide network segmentation but doesn't inherently prevent traffic between subnets without explicit firewall rules, which would still be needed. Setting up software-based firewalls on individual VMs is inefficient and difficult to manage at scale compared to cloud-native firewall rules. Adding tags and setting up routes is incorrect because routes primarily determine the path traffic takes to reach a destination, not whether it's allowed to flow. Firewall rules are responsible for permitting or denying traffic.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed