Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test

Question 38

Your security team manages the Network security in your organization. There is a need to allow Compute Engine Instances without external IPs to access Google APIs.

What can you do to achieve this?

A. Grant IAM permissions needed to perform tasks on the APIs.
B. Setup Context-aware access with ingress rules.
C. Enable Private Google Access.
D. Set up ingress firewall rules to allow traffic.

Answer

Correct Answer: C

Option A is incorrect. IAM permissions will not grant access to Google APIs without external IP, Cloud NAT or Private Google Access.
Option B is incorrect. Context-aware access ingress rule setup is used to allow access to resources based on client attributes such as network origin (IP address or VPC network), identity type (service account or user), identity, and device data. Access is defined by ingress rules.
Option C is CORRECT. Private Google access will enable VMs in a VPC to access APIs and services without an external IP.
Option D is incorrect. Firewall rules cannot grant access to Google APIs without external IP.

Reference:

https://cloud.google.com/vpc/docs/private-access-options

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

PCSE

Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test

Question 38

Answer

Ads Blocker Detected!!!