Medium · 1 mark · Multiple Choice
Domain 3: Designing for Security and Compliance · Cloud Run · Security · Serverless

GCP PCA · Question 43 · Domain 3: Designing for Security and Compliance

You are deploying an internal microservice using Cloud Run. The service should only be accessible by other resources within your VPC network and should not be reachable from the public internet. Which TWO configurations must you apply to secure the Cloud Run service? (Select TWO)

Answer options:

A. Set the Ingress setting to 'Internal'.

B. Set the Ingress setting to 'Allow all'.

C. Require authentication by removing the allUsers member from the roles/run.invoker role.

D. Deploy the Cloud Run service inside a private GKE cluster.

E. Configure a Cloud Armor policy to block all IPs.

How to approach this question

Securing Cloud Run involves two layers: Network security (Ingress settings) and Identity security (IAM Invoker role).

Full Answer

A, C

Securing a fully managed Cloud Run service requires configuring both network and identity controls. Setting Ingress to 'Internal' blocks all traffic originating from the public internet. Removing `allUsers` from the `Cloud Run Invoker` IAM role ensures that even if a request originates from within the VPC, the caller must present a valid Google-signed identity token to execute the service.

Common mistakes

Thinking Cloud Run is deployed inside a VPC subnet (D). Fully managed Cloud Run is serverless and exists outside your VPC; you use Serverless VPC Access or Internal Ingress to bridge the network gap.

Practice the full GCP Professional Cloud Architect Practice Exam 3
