GCP Professional Cloud Architect Practice Question
Your company runs dozens of microservices on private GKE clusters in two regions. You must publish a public partner API that enforces OAuth 2.0 access tokens, blocks malicious JSON payloads, applies per-partner call quotas, and keeps the microservice endpoints completely unreachable from the public internet. You want to minimize code changes in the services and centralize policy management while maintaining high availability across regions. Which architecture best meets these requirements?
Deploy Cloud Endpoints with ESPv2 sidecars in every microservice, expose each service through a regional external load balancer, and rely on Cloud Armor rules for quota and threat protection.
Configure a regional external HTTP(S) load balancer that sends traffic directly to the GKE Ingress, use network firewall rules for isolation, and add a service mesh filter to validate OAuth tokens.
Provision Apigee X in its own project, front it with a global external HTTP(S) load balancer, peer the Apigee runtime VPC to each microservice VPC, and implement OAuth 2.0, Quota, and JSON Threat Protection policies in Apigee.
Place an internal TCP load balancer in front of GKE, enable Cloud NAT for egress, and embed custom OAuth and quota middleware inside each microservice.
Using Apigee X with a global external HTTP(S) load balancer provides a single, highly available entry point for all partner traffic. Apigee's built-in OAuthV2, Quota, and JSON Threat Protection policies let you enforce authentication, rate limits, and content filtering without modifying backend code. Peering the Apigee tenant VPC with the microservices VPCs allows private, RFC 1918 connectivity so the services remain inaccessible from the public internet. The other options either expose backends publicly, require per-service code changes, or lack centralized enforcement of all required controls.
GCP Professional Cloud Architect
Managing implementation