GCP Associate Cloud Engineer Practice Question

Your company connects on-premises to Google Cloud through Cloud VPN. You need to deploy a Google Kubernetes Engine (GKE) cluster for a customer-facing microservices platform. Nodes must use only internal IP addresses to reduce the attack surface. The Kubernetes control plane must be replicated across multiple zones in the region. Operations wants Google to manage node provisioning, patching, and automatic scaling. Which GKE deployment option satisfies all requirements?

Create a public Autopilot regional cluster and restrict access with firewall rules.
Create a private standard regional cluster and enable node auto-upgrade.
Create a private Autopilot zonal cluster.
Create a private Autopilot regional cluster.

Report Issue

Answer Description

A private Autopilot regional cluster meets every stated requirement. Autopilot mode lets Google fully manage the data-plane nodes-including provisioning, patching, and automatic scaling-so the operations team does not manage VM instances. Marking the cluster as private ensures that nodes receive only internal RFC 1918 addresses and have no external IPs, reducing exposure. Choosing a regional control plane replicates masters in at least three zones within the region, providing high availability.

A standard private regional cluster would meet the networking and control-plane requirements but still leaves node lifecycle management to the operations team. An Autopilot zonal private cluster removes node administration work but uses a single-zone control plane, which does not satisfy the high-availability requirement. A public Autopilot cluster assigns a public endpoint to the control plane, which is outside the stated security goals.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.