Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 4 Question 29 Discussion

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B. You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.What should you do?
B) Enable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.
A) Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.
C) Enable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.
D) Enable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.

Google Professional Cloud Security Engineer Exam - Topic 4 Question 29 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 29
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B. You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains

by Merlyn at May 07, 2022, 10:55 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Alita
7 months ago
Wait, can you really restrict access like that? Sounds too good to be true!
upvoted 0 times
...
Nana
7 months ago
D seems risky, not sure if it's the best option.
upvoted 0 times
...
Horace
8 months ago
C sounds good, but it might not be strict enough.
upvoted 0 times
...
Yolande
8 months ago
I think B might be enough for this scenario.
upvoted 0 times
...
Art
8 months ago
A is definitely the way to go for security!
upvoted 0 times
...
Virgie
8 months ago
I think Bucket Policy Only could be useful, but it might not fully prevent access from outside the network. I lean towards VPC Service Controls for this question.
upvoted 0 times
...
Melvin
8 months ago
I'm a bit confused about the difference between VPC Peering and VPC Service Controls. I feel like both could help, but I can't recall which one is more suitable for this scenario.
upvoted 0 times
...
Brianne
8 months ago
I remember a practice question where we had to limit access between projects, and VPC Service Controls was a key part of that. It feels like the best option here too.
upvoted 0 times
...
Olene
8 months ago
I think enabling VPC Service Controls might be the right approach since it can help restrict access to the Cloud Storage bucket based on the projects. But I'm not entirely sure if it covers all the requirements.
upvoted 0 times
...
Shelia
8 months ago
Okay, let's see. I think the key is to configure the virtual MAC address and the standby IP addresses. Those seem like the critical steps to get the redundancy working.
upvoted 0 times
...
Franklyn
8 months ago
I'm a little unsure about the dynamic PIR rate adjustment for CFHP policers. I'll need to double-check my notes on that.
upvoted 0 times
...

Save Cancel