Hard · 1 mark · Multiple Choice

GCP PCA · Question 39 · Domain 2: Managing and Provisioning a Solution Infrastructure

You are deploying a highly secure application to Google Kubernetes Engine (GKE). The security team mandates that the GKE cluster must be a Private Cluster. Which THREE statements are true regarding GKE Private Clusters? (Select THREE)

Answer options:

A. Nodes in a private cluster only have internal IP addresses.

B. Pods in a private cluster cannot access the internet under any circumstances.

C. You can use Master Authorized Networks to restrict which external IP addresses can access the cluster's control plane.

D. The control plane (master) is hosted in your VPC network.

E. VPC Peering is automatically configured to connect your VPC to the Google-managed control plane VPC.

F. Private clusters do not support Horizontal Pod Autoscaling (HPA).

How to approach this question

Understand the architecture of a GKE Private Cluster: Nodes have no public IPs, the master is in a Google VPC, they communicate via peering, and you secure the master with authorized networks.

Full Answer

A, C, E

In a GKE Private Cluster, the worker nodes only have internal RFC 1918 IP addresses, protecting them from inbound internet traffic. The Kubernetes control plane (master) is managed by Google and resides in a separate Google-owned VPC. GCP automatically creates a VPC Peering connection between your VPC and the Google VPC so the nodes can talk to the master. To secure access to the master API server from the outside, you configure Master Authorized Networks.

Common mistakes

Believing the master is in your VPC (D). Google manages the master in its own tenant project.
