Free Google Cloud Architect Actual Exam Questions - Question 12 Discussion
protected with rate limiting, quota enforcement, and authentication for partners.
Which GCP service is recommended to sit in front of the Cloud Run service?
Option C definitely makes the most sense here since Cloud Endpoints and Apigee X are designed to manage APIs with built-in support for authentication and rate limiting. A load balancer (A) can distribute traffic but doesn’t enforce quotas or auth natively. VPC Service Controls (B) focus more on securing data boundaries, not API usage controls. Cloud Functions (D) is just a compute option and doesn’t provide an API management layer. So, for protecting the API with those specific features, C is the way to go.
Makes sense to rule out A and D since they don’t handle authentication or rate limits directly. B is more about security perimeters, so C fits best for API controls like quota and auth. C it is.
Maybe B makes sense too since enabling autoscaling on the managed instance group directly ties node count to CPU load, complementing the pod scaling with HorizontalPodAutoscaler. The question doesn’t say if it’s GKE-native or not.
I agree with picking A because it covers both pod and node scaling properly. The maxUnavailable and maxSurge settings in C and D are for rolling updates, not autoscaling. So A is the only option that fits.
A makes sense here. HorizontalPodAutoscaler adjusts pods based on CPU, and Cluster Autoscaler manages node count automatically, so both together handle scaling at pod and node levels.
B tbh doesn’t cover pod scaling properly, just node scaling, so it misses half the point. A makes sense since HorizontalPodAutoscaler manages pods and Cluster Autoscaler handles nodes.
A. This combo fits best-HorizontalPodAutoscaler for pods, Cluster Autoscaler to add/remove nodes. B feels off since autoscaling the instance group alone doesn’t handle pod scaling well.