Practice Test 1 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
A company has set up a service perimeter that includes the production and data projects. The data project uses several services such as Cloud Storage, Cloud Bigtable, and Cloud SQL and the production project hosts a VPC network. You have been asked to restrict the production project’s VPC access to only the Cloud Storage service within the data project with the least admin overhead.
How can this be achieved?
A. Enable VPC accessible services and add the Cloud Storage as an allowed service
B. Select the Enforced mode as the perimeter mode. Define a new service perimeter and place the production project in it
C. Configure the VPC network to use restricted VIP
D. Configure firewall rules in the production project’s VPC to restrict egress traffic to Cloud Storage
Correct Answer: A
- Option A is correct. Because both the project and data projects are in the same service perimeter, the production project has access to all the services in the data project. The VPC accessible services feature limits the set of services that are accessible from network endpoints inside your service perimeter.
- Option B is incorrect. This option will achieve the needed outcome, but it introduces the overhead of managing two service perimeters.
- Option C is incorrect. The restricted VIP cannot be used to restrict access of the production project to selected services in the data project within a perimeter.
- Option D is incorrect. Firewall rules cannot be used to restrict VPC access to Cloud Storage.
Reference:
Comments are closed, but trackbacks and pingbacks are open.