Google Exam Professional-Cloud-Security-Engineer Topic 1 Question 91 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 91
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your customer has an on-premises Public Key Infrastructure (PKI) with a certificate authority (CA). You need to issue certificates for many HTTP load balancer frontends. The on-premises PKI should be minimally affected due to many manual processes, and the solution needs to scale.

What should you do?

AUse Certificate Manager to issue Google managed public certificates and configure it at HTTP the load balancers in your infrastructure as code (laC).

BUse Certificate Manager to import certificates issued from on-premises PKI and for the frontends. Leverage the gcloud tool for importing

CUse a subordinate CA in the Google Certificate Authority Service from the on-premises PKI system to issue certificates for the load balancers.

DUse the web applications with PKCS12 certificates issued from subordinate CA based on OpenSSL on-premises Use the gcloud tool for importing. Use the External TCP/UDP Network load balancer instead of an external HTTP Load Balancer.

Show Suggested Answer

Suggested Answer: C

This approach allows you to leverage your existing on-premises PKI infrastructure while minimizing its impact and manual processes. By creating a subordinate CA in Google's Certificate Authority Service, you can automate the process of issuing certificates for your HTTP load balancer frontends. This solution scales well as the number of load balancers increases.

by Janae at Sep 17, 2024, 04:14 PM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Security-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Crissy

13 days ago

I personally think option C is the way to go, using a subordinate CA in the Google Certificate Authority Service from our on-premises PKI system seems like a scalable solution.

upvoted 0 times

...

James

14 days ago

I disagree, I believe option B is more suitable as it allows us to import certificates from our on-premises PKI and use the gcloud tool for importing.

upvoted 0 times

...

Staci

18 days ago

Option C is the way to go! Leveraging the Google Certificate Authority Service to issue certificates for the load balancers is the most scalable and minimally intrusive solution.

upvoted 0 times

Yasuko

2 days ago

I agree, using a subordinate CA in the Google Certificate Authority Service will help maintain the on-premises PKI system while scaling for the load balancers.

upvoted 0 times

...

German

4 days ago

Option C is the way to go! Leveraging the Google Certificate Authority Service to issue certificates for the load balancers is the most scalable and minimally intrusive solution.

upvoted 0 times

...

Glendora

24 days ago

I think option A is the best choice because it allows us to issue Google managed public certificates and configure them using infrastructure as code.

upvoted 0 times

...