Exam Professional Cloud Security Engineer topic 1 question 168 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 168
Topic #: 1

Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements:
✑ The Cloud Storage bucket in Project A can only be readable from Project B.
✑ The Cloud Storage bucket in Project A cannot be accessed from outside the network.
✑ Data in the Cloud Storage bucket cannot be copied to an external Cloud Storage bucket.
What should the security team do?

  • A. Enable domain restricted sharing in an organization policy, and enable uniform bucket-level access on the Cloud Storage bucket.
  • B. Enable VPC Service Controls, create a perimeter around Projects A and B, and include the Cloud Storage API in the Service Perimeter configuration.
  • C. Enable Private Access in both Project A and B's networks with strict firewall rules that allow communication between the networks.
  • D. Enable VPC Peering between Project A and B's networks with strict firewall rules that allow communication between the networks.
Suggested Answer: B
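
Option B written out as Terraform, as an added example that is not part of the original question or discussion. The variable names, the perimeter name and the read-only IAM binding for a Project B service account are assumptions made for illustration.

```hcl
# Added example: all variable names and the perimeter name are hypothetical.
variable "access_policy_id" { type = string }       # numeric Access Context Manager policy ID
variable "project_a_number" { type = string }       # project NUMBER (not ID) of Project A
variable "project_b_number" { type = string }       # project NUMBER (not ID) of Project B
variable "bucket_name" { type = string }            # existing bucket in Project A
variable "reader_service_account" { type = string } # service account email owned by Project B

# One regular perimeter containing both projects. With the Cloud Storage API
# restricted, Storage requests that cross the perimeter boundary are denied,
# including copies from the bucket to a bucket in a project outside it.
resource "google_access_context_manager_service_perimeter" "storage_a_b" {
  parent         = "accessPolicies/${var.access_policy_id}"
  name           = "accessPolicies/${var.access_policy_id}/servicePerimeters/storage_a_b"
  title          = "storage_a_b"
  perimeter_type = "PERIMETER_TYPE_REGULAR"

  status {
    resources = [
      "projects/${var.project_a_number}",
      "projects/${var.project_b_number}",
    ]
    restricted_services = ["storage.googleapis.com"]
  }
}

# Assumption: inside the perimeter, IAM still decides who may read. Grant
# read-only object access to a Project B identity and nothing broader.
resource "google_storage_bucket_iam_member" "project_b_reader" {
  bucket = var.bucket_name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${var.reader_service_account}"
}
```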

Comments

Baburao
Highly Voted 1 year, 7 months ago
Should be B. VPC Peering is between organizations, not between Projects in an organization. That is Shared VPC. In this case, both projects are in the same organization, so having VPC Service Controls around both projects with necessary rules should be fine.
upvoted 7 times
GHOST1985
1 year, 7 months ago
Answer is B, but you can have VPC peering between two projects in the same organization; nothing prevents that. If you have only two projects to communicate, VPC peering is better than Shared VPC ;)
upvoted 2 times
anshad666
Most Recent 8 months, 1 week ago
Selected Answer: B
A classic example of VPC Service Control perimeter
upvoted 4 times
TonytheTiger
1 year, 5 months ago
B: https://cloud.google.com/vpc-service-controls/docs/overview
upvoted 3 times
AzureDP900
1 year, 5 months ago
B is right
upvoted 2 times
AwesomeGCP
1 year, 6 months ago
Selected Answer: B
B. Enable VPC Service Controls, create a perimeter around Projects A and B, and include the Cloud Storage API in the Service Perimeter configuration.
upvoted 4 times
tangac
1 year, 7 months ago
Selected Answer: B
https://www.examtopics.com/discussions/google/view/33958-exam-professional-cloud-security-engineer-topic-1-question/
upvoted 4 times