Google Professional Cloud Security Engineer Exam - Topic 1 Question 19 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 19
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs. The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.

How should your team meet these requirements?

AEnable Private Access on the VPC network in the production project.

BRemove the Editor role and grant the Compute Admin IAM role to the engineers.

CSet up an organization policy to only permit public IPs for the front-end Compute Engine instances.

DSet up a VPC network with two subnets: one with public IPs and one without public IPs.

Show Suggested Answer

Suggested Answer: C

https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address

by Selma at May 05, 2022, 10:55 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kris

4 months ago

I think B is too restrictive for the engineers.

upvoted 0 times

...

Catarina

4 months ago

A is a good idea, but might not cover everything.

upvoted 0 times

...

Ivan

4 months ago

Wait, can you really enforce that with just a policy?

upvoted 0 times

...

Frederica

4 months ago

I disagree, D could work too!

upvoted 0 times

...

Emile

5 months ago

Option C seems like the best choice.

upvoted 0 times

...

Ariel

5 months ago

I recall that organization policies can enforce rules across projects. Maybe option C is the best way to ensure only front-end instances get public IPs?

upvoted 0 times

...

Matthew

5 months ago

I’m a bit confused about the IAM roles. Removing the Editor role seems drastic, but I guess granting Compute Admin could help manage the instances better?

upvoted 0 times

...

Tegan

5 months ago

I remember we discussed the importance of keeping production instances secure, but I'm not sure if enabling Private Access is enough to prevent public IPs.

upvoted 0 times

...

Aliza

5 months ago

I think we practiced a similar question where we had to restrict public IPs. I feel like setting up a VPC with two subnets might be the right approach here.

upvoted 0 times

...

Yuki

5 months ago

This one seems pretty straightforward. I'm pretty sure the answer is timestamps, since that's the only option that can be viewed as a chart.

upvoted 0 times

...

Norah

5 months ago

Okay, I've got this. The Orphan List and the Node Inactive property are the two ways to identify active and discontinued products in DRM. I'm confident I can explain the differences between those approaches.

upvoted 0 times

...

Marnie

5 months ago

Hmm, I'm a bit unsure about this one. I'm trying to think through the different options, but I'm not entirely confident in my understanding of how each of these technologies could help reduce administrative overhead.

upvoted 0 times

...