Q: 3
A Chief Security Officer (CSO) mandates that all network connections within the
VPC network must be fully encrypted, even between internal services (VM-to-VM).
The application is deployed on Compute Engine. What is the Google Cloud
networking service that can enforce this?
Options
Discussion
Option B, not C. Just blocking non-HTTPS ports (C) doesn't force mTLS between VMs, which is actually needed here.
I don't think it's A here. The stack trace specifically calls out a manifest digest mismatch and unsigned entries, which are signature issues, not just missing dependencies. Option B targets the real issue: Java expects all JARs to be signed if any are. Some folks get tripped up by option A since missing files is a common deploy problem, but this error is classic for bad or absent signatures. Pretty sure B is right, but let me know if someone solved it differently.
B, not A. This one is about the signature mismatch, so you need to sign the JAR files properly before redeploying.
B, but I'd double-check the official guide or do a hands-on lab with service mesh and mTLS just to be sure.
It's B in this case. Service mesh with mTLS is built specifically for encrypting all internal traffic between VMs, and it does it automatically at the network layer. Just firewalling or load balancing won't guarantee encryption inside the VPC. Pretty sure that's what the CSO's asking for but open to other logic.
Yeah, I'd say B is most likely here.
B tbh, seen a similar question in exam reports and service mesh with mTLS is the key here.
Service mesh with mTLS is what actually encrypts all internal VM-to-VM traffic across the VPC. That's what B covers, not just firewalls or LB configs. Pretty sure B fits the CSO's ask, but correct me if I'm missing something.
D, but B is probably what they're after since you need service mesh mTLS for full internal encryption. D trips people up since it sounds like HTTPS everywhere.
B