Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 4 Question 94 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 94
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You have stored company approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Sherly at Nov 17, 2024, 02:26 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Marti
6 days ago
I agree, A looks solid!
upvoted 0 times
...
Corinne
12 days ago
Option A seems like the right approach for granting access.
upvoted 0 times
...
Kandis
17 days ago
I think I recall that allowing external projects through organizational policies was a key point in our study materials. Option B seems like it could be a valid choice too.
upvoted 0 times
...
Brock
23 days ago
I’m a bit confused about the identity types. I thought we usually set them to specific identities, but here it says "any_identity." Does that really apply?
upvoted 0 times
...
Jettie
28 days ago
This question feels similar to one we practiced where we had to manage access between projects. I think option A might be the right approach since it mentions egress.
upvoted 0 times
...
Marquetta
1 month ago
I remember something about updating the perimeter, but I'm not sure if it's the egress or ingress fields we need to focus on for external access.
upvoted 0 times
...
Lizbeth
1 month ago
I feel pretty good about this one. The solution is to use the organizational policy constraints to allow the external project, which seems like the most straightforward approach.
upvoted 0 times
...
Annamae
1 month ago
Okay, I think I've got a handle on this. The key is configuring the egressTo and egressFrom fields in the perimeter to grant the necessary access. I'll double-check the options to make sure I have the right approach.
upvoted 0 times
...
Johana
1 month ago
Hmm, I'm a bit confused about the VPC Service Controls and perimeter concepts. I'll need to review those before I can confidently approach this.
upvoted 0 times
...
Darrin
1 month ago
This question looks pretty complex, but I think I can break it down step-by-step. Let me re-read the details carefully.
upvoted 0 times
...
Marguerita
11 months ago
Option D looks a bit confusing to me. Configuring the ingressFrom and ingressTo fields? Isn't this about granting read access, not controlling ingress? I'm a bit lost on this one.
upvoted 0 times
...
Luz
11 months ago
I'd go with Option C. It's similar to Option A, but it configures the egressTo field to include the external project number directly. Seems more straightforward.
upvoted 0 times
Jesusa
10 months ago
Let's go with Option C then.
upvoted 0 times
...
Roselle
10 months ago
I agree, configuring the egressTo field directly with the external project number makes sense.
upvoted 0 times
...
Devon
11 months ago
Yeah, Option C seems more direct and clear.
upvoted 0 times
...
Lucia
11 months ago
I think Option C is the way to go.
upvoted 0 times
...
...
Alaine
12 months ago
Wait, are we sure this isn't a trick question? What if the correct answer is to just send the external project a fruit basket and hope they grant us access?
upvoted 0 times
...
Ciara
12 months ago
I'm not sure. Should we also configure the egressFrom field to set identity Type to any_identity?
upvoted 0 times
...
Dorcas
12 months ago
Haha, now that's thinking outside the box! Although I'm not sure the Google Cloud team would appreciate the security implications of a fruit-based access control system.
upvoted 0 times
Twanna
11 months ago
D) Update the perimeter
upvoted 0 times
...
Huey
11 months ago
C) Update the perimeter
upvoted 0 times
...
Vincent
11 months ago
C) Update the perimeter
upvoted 0 times
...
Claudio
11 months ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Kanisha
11 months ago
A) Update the perimeter
upvoted 0 times
...
Tiera
11 months ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Leota
12 months ago
A) Update the perimeter
upvoted 0 times
...
...
Nu
12 months ago
I agree with Vernice. We also need to set the serviceName to compute.googleapis.com.
upvoted 0 times
...
Vernice
1 year ago
I think we should update the perimeter and configure the egressTo field to include the external Google Cloud project number.
upvoted 0 times
...

Save Cancel