New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 4 Question 94 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 94
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You have stored company approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Sherly at Nov 17, 2024, 02:26 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Eliz
3 months ago
Not sure about C, looks a bit off to me.
upvoted 0 times
...
Hyun
3 months ago
B might be better for organizational policies.
upvoted 0 times
...
Blossom
3 months ago
Wait, is it really that simple?
upvoted 0 times
...
Marti
4 months ago
I agree, A looks solid!
upvoted 0 times
...
Corinne
4 months ago
Option A seems like the right approach for granting access.
upvoted 0 times
...
Kandis
4 months ago
I think I recall that allowing external projects through organizational policies was a key point in our study materials. Option B seems like it could be a valid choice too.
upvoted 0 times
...
Brock
4 months ago
I’m a bit confused about the identity types. I thought we usually set them to specific identities, but here it says "any_identity." Does that really apply?
upvoted 0 times
...
Jettie
4 months ago
This question feels similar to one we practiced where we had to manage access between projects. I think option A might be the right approach since it mentions egress.
upvoted 0 times
...
Marquetta
5 months ago
I remember something about updating the perimeter, but I'm not sure if it's the egress or ingress fields we need to focus on for external access.
upvoted 0 times
...
Lizbeth
5 months ago
I feel pretty good about this one. The solution is to use the organizational policy constraints to allow the external project, which seems like the most straightforward approach.
upvoted 0 times
...
Annamae
5 months ago
Okay, I think I've got a handle on this. The key is configuring the egressTo and egressFrom fields in the perimeter to grant the necessary access. I'll double-check the options to make sure I have the right approach.
upvoted 0 times
...
Johana
5 months ago
Hmm, I'm a bit confused about the VPC Service Controls and perimeter concepts. I'll need to review those before I can confidently approach this.
upvoted 0 times
...
Darrin
5 months ago
This question looks pretty complex, but I think I can break it down step-by-step. Let me re-read the details carefully.
upvoted 0 times
...
Marguerita
1 year ago
Option D looks a bit confusing to me. Configuring the ingressFrom and ingressTo fields? Isn't this about granting read access, not controlling ingress? I'm a bit lost on this one.
upvoted 0 times
...
Luz
1 year ago
I'd go with Option C. It's similar to Option A, but it configures the egressTo field to include the external project number directly. Seems more straightforward.
upvoted 0 times
Jesusa
1 year ago
Let's go with Option C then.
upvoted 0 times
...
Roselle
1 year ago
I agree, configuring the egressTo field directly with the external project number makes sense.
upvoted 0 times
...
Devon
1 year ago
Yeah, Option C seems more direct and clear.
upvoted 0 times
...
Lucia
1 year ago
I think Option C is the way to go.
upvoted 0 times
...
...
Alaine
1 year ago
Wait, are we sure this isn't a trick question? What if the correct answer is to just send the external project a fruit basket and hope they grant us access?
upvoted 0 times
...
Ciara
1 year ago
I'm not sure. Should we also configure the egressFrom field to set identity Type to any_identity?
upvoted 0 times
...
Dorcas
1 year ago
Haha, now that's thinking outside the box! Although I'm not sure the Google Cloud team would appreciate the security implications of a fruit-based access control system.
upvoted 0 times
Twanna
1 year ago
D) Update the perimeter
upvoted 0 times
...
Huey
1 year ago
C) Update the perimeter
upvoted 0 times
...
Vincent
1 year ago
C) Update the perimeter
upvoted 0 times
...
Claudio
1 year ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Kanisha
1 year ago
A) Update the perimeter
upvoted 0 times
...
Tiera
1 year ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Leota
1 year ago
A) Update the perimeter
upvoted 0 times
...
...
Nu
1 year ago
I agree with Vernice. We also need to set the serviceName to compute.googleapis.com.
upvoted 0 times
...
Vernice
1 year ago
I think we should update the perimeter and configure the egressTo field to include the external Google Cloud project number.
upvoted 0 times
...

Save Cancel