Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Architect (PR000213) Exam - Topic 11 Question 16 Discussion

Your company has sensitive data in Cloud Storage buckets. Data analysts have Identity Access Management (IAM) permissions to read the buckets. You want to prevent data analysts from retrieving the data in the buckets from outside the office network. What should you do?
A) 1. Create a VPC Service Controls perimeter that includes the projects with the buckets. 2. Create an access level with the CIDR of the office network.
B) 1. Create a firewall rule for all instances in the Virtual Private Cloud (VPC) network for source range. 2. Use the Classless Inter-domain Routing (CIDR) of the office network.
C) 1. Create a Cloud Function to remove IAM permissions from the buckets, and another Cloud Function to add IAM permissions to the buckets. 2. Schedule the Cloud Functions with Cloud Scheduler to add permissions at the start of business and remove permissions at the end of business.
D) 1. Create a Cloud VPN to the office network. 2. Configure Private Google Access for on-premises hosts.

Google Professional Cloud Architect (PR000213) Exam - Topic 11 Question 16 Discussion

Actual exam question for Google's Professional Cloud Architect (PR000213) exam
Question #: 16
Topic #: 11
[All Professional Cloud Architect (PR000213) Questions]

Your company has sensitive data in Cloud Storage buckets. Data analysts have Identity Access Management (IAM) permissions to read the buckets. You want to prevent data analysts from retrieving the data in the buckets from outside the office network. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

For all Google Cloud services secured with VPC Service Controls, you can ensure that: Resources within a perimeter are accessed only from clients within authorized VPC networks using Private Google Access with either Google Cloud or on-premises. https://cloud.google.com/vpc-service-controls/docs/overview

https://cloud.google.com/vpc-service-controls/docs/overview. You create a service control across your VPC and any cloud bucket or any project resource to restrict access. Anything outside of it can't access the resources within service control perimeter


by Merissa at May 06, 2022, 12:00 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Architect (PR000213) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dorothea
7 months ago
Wait, you can schedule IAM permissions? That’s wild!
upvoted 0 times
...
Gail
7 months ago
B sounds good, but can it really restrict access effectively?
upvoted 0 times
...
Virgilio
8 months ago
I’m not so sure about C, seems overly complicated.
upvoted 0 times
...
Hoa
8 months ago
Totally agree, VPC Service Controls are essential!
upvoted 0 times
...
Brock
8 months ago
A is the best option for securing data access.
upvoted 0 times
...
Lenora
8 months ago
Option D might be a good choice, but I’m not clear on how Cloud VPN and Private Google Access work together. I remember they can secure connections, but I’m unsure if they directly solve the problem here.
upvoted 0 times
...
Queenie
8 months ago
I practiced a similar question, and I feel like option C is a bit overcomplicated. Removing and adding IAM permissions with Cloud Functions seems risky and not very efficient.
upvoted 0 times
...
Teresita
8 months ago
I think option A sounds familiar. I remember studying VPC Service Controls and how they can help restrict access based on network locations.
upvoted 0 times
...
Salena
8 months ago
I'm not entirely sure, but option B seems like it could work too. I recall something about firewall rules and CIDR, but I’m not confident if that’s the best approach for this scenario.
upvoted 0 times
...
Elenora
8 months ago
Okay, let me think this through. The question is asking for a term that describes a manager who is present and engaged with their employees, right? I'm pretty sure the answer is "Active management" - that sounds like the right concept.
upvoted 0 times
...
Lilli
8 months ago
Okay, I think I've got this. Since the question mentions a validating parser, I'm guessing the output will be either a warning or an error, depending on the specific issue with the XML document. Let me think this through step-by-step.
upvoted 0 times
...
Genevieve
8 months ago
Hmm, I'm a bit unsure about the differences between the two. I'll need to review the details on partitioning and resiliency to make sure I understand which one is the correct benefit.
upvoted 0 times
...

Save Cancel