Google Professional Cloud Security Engineer Exam - Topic 4 Question 29 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 29
Topic #: 4

[All Professional Cloud Security Engineer Questions]

You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B. You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials.

What should you do?

AEnable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.

BEnable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.

CEnable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.

DEnable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.

Show Suggested Answer

Suggested Answer: B

https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains

by Merlyn at May 07, 2022, 10:55 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alita

4 months ago

Wait, can you really restrict access like that? Sounds too good to be true!

upvoted 0 times

...

Nana

4 months ago

D seems risky, not sure if it's the best option.

upvoted 0 times

...

Horace

4 months ago

C sounds good, but it might not be strict enough.

upvoted 0 times

...

Yolande

4 months ago

I think B might be enough for this scenario.

upvoted 0 times

...

Art

5 months ago

A is definitely the way to go for security!

upvoted 0 times

...

Virgie

5 months ago

I think Bucket Policy Only could be useful, but it might not fully prevent access from outside the network. I lean towards VPC Service Controls for this question.

upvoted 0 times

...

Melvin

5 months ago

I'm a bit confused about the difference between VPC Peering and VPC Service Controls. I feel like both could help, but I can't recall which one is more suitable for this scenario.

upvoted 0 times

...

Brianne

5 months ago

I remember a practice question where we had to limit access between projects, and VPC Service Controls was a key part of that. It feels like the best option here too.

upvoted 0 times

...

Olene

5 months ago

I think enabling VPC Service Controls might be the right approach since it can help restrict access to the Cloud Storage bucket based on the projects. But I'm not entirely sure if it covers all the requirements.

upvoted 0 times

...

Shelia

5 months ago

Okay, let's see. I think the key is to configure the virtual MAC address and the standby IP addresses. Those seem like the critical steps to get the redundancy working.

upvoted 0 times

...

Franklyn

5 months ago

I'm a little unsure about the dynamic PIR rate adjustment for CFHP policers. I'll need to double-check my notes on that.

upvoted 0 times

...