Exam Professional Cloud Security Engineer topic 1 question 93 discussion

The answer is A. This is question is covered by an example given for VPC Service Perimeters https://cloud.google.com/vpc-service-controls/docs/overview#isolate

"A" VPC Service controls were created for this type of use case. https://cloud.google.com/vpc-service-controls/docs/overview#isolate

Why not D?

A - a classic VPCSC question

A. Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.

https://cloud.google.com/vpc-service-controls/docs/overview#isolate

A - VPC Service Controls

Answer is most positively A. VPC service controls lets Security team create fine-grained Perimeter across projects within organization. -> Security perimeter for API-Based services like Bigtable instances, Storage and Bigquery datasets.. are a kind of super powers for VPC Service control. well in my test, I chose option B, but Domain Restricted Organization policies are for limiting resource sharing based on domain. so if you're out in internet, and have credentials you still can access resources based on your domain access level. So B option is wrong.

The correct answer is: A This is obtained by the VPC Service Controls by the perimeter setup. Overview of VPC Service Controls https://cloud.google.com/vpc-service-controls/docs/overview

I would say option A is a better fit due to VPC Service Controls.

I'd be inclined to agree, option B seems a better fit. Here's my reasoning behind it: https://cloud.google.com/access-context-manager/docs/overview

what is being asked is data exfiltration as well and which can be only achieved via VPC permiter and created a bridge between both project.

Ans - B

B. https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains