A company has deployed a Global External HTTP(S) Load Balancer with a backend service that points to an instance group in us-central1. The load balancer's frontend uses a reserved static external IP address. Users in Europe report high latency, while users in Asia cannot reach the application at all. The application works fine when accessed directly via the instance group's internal IPs from within us-central1. Which action should be taken to resolve the issue?
Global access allows the load balancer's global IP to reach the backend instance group even though it's in a single region. Without it, traffic from other regions may be blocked.
Why this answer
Option D is correct because for a Global External HTTP(S) Load Balancer, the backend service must have the 'Enable Global Access' checkbox selected on the instance group's network settings. This setting allows the load balancer's global anycast IP to reach the backend instances across regions. Without it, the load balancer can only forward traffic to instances within the same region as the load balancer's frontend, causing high latency for European users and complete failure for Asian users.
Exam trap
The trap here is that candidates often assume a global load balancer automatically routes to any backend region, but they overlook the explicit 'Enable Global Access' checkbox that must be enabled for cross-region backend connectivity.
How to eliminate wrong answers
Option A is wrong because changing to a regional load balancer would limit the load balancer to a single region, worsening the issue for users outside that region; the correct solution is to keep the global load balancer and enable global access. Option B is wrong because Cloud CDN caches static content, but the problem is connectivity and routing, not content delivery speed; CDN does not fix the inability of Asian users to reach the application. Option C is wrong because configuring a DNS A record with a low TTL does not affect how the load balancer routes traffic to backend instances; the issue is at the network layer, not DNS resolution.