Topic 1 Question 115
Your company has sensitive data in Cloud Storage buckets. Data analysts have Identity Access Management (IAM) permissions to read the buckets. You want to prevent data analysts from retrieving the data in the buckets from outside the office network. What should you do?
- A. 1. Create a VPC Service Controls perimeter that includes the projects with the buckets. 2. Create an access level with the CIDR of the office network.
- B. 1. Create a firewall rule for all instances in the Virtual Private Cloud (VPC) network for source range. 2. Use the Classless Inter-domain Routing (CIDR) of the office network.
- C. 1. Create a Cloud Function to remove IAM permissions from the buckets, and another Cloud Function to add IAM permissions to the buckets. 2. Schedule the Cloud Functions with Cloud Scheduler to add permissions at the start of business and remove permissions at the end of business.
- D. 1. Create a Cloud VPN to the office network. 2. Configure Private Google Access for on-premises hosts.
Comments (17)
Should be A. For all Google Cloud services secured with VPC Service Controls, you can ensure that: Resources within a perimeter are accessed only from clients within authorized VPC networks using Private Google Access with either Google Cloud or on-premises. https://cloud.google.com/vpc-service-controls/docs/overview
👍 59 TotoroChina 2021/06/30
IMHO c is wrong - the question is not to restrict access only for business hours but to restrict access to office network.
In my opinion the only realistic approach seems to be a)
https://cloud.google.com/vpc-service-controls/docs/supported-products#table_storage
👍 15 XDevX 2021/06/30
- Selected answer: A
I got similar question on my exam. Answered A.
👍 3 [Removed] 2022/02/11