Topic 1 Question 91
Your project is using Bigtable to store data that should not be accessed from the public internet under any circumstances, even if the requestor has a valid service account key. You need to secure access to this data. What should you do?
A. Use Identity and Access Management (IAM) for Bigtable access control.
B. Use VPC Service Controls to create a trusted network for the Bigtable service.
C. Use customer-managed encryption keys (CMEK).
D. Use Google Cloud Armor to add IP addresses to an allowlist.
Comments (3)
- Selected answer: B
I'll go for B
👍 4 chelbsik 2022/12/25
B: Use VPC Service Controls to create a trusted network for the Bigtable service.
👍 1 pk349 2022/12/24
B. A is wrong because you might have the right credentials but still access Bigtable across the internet. Same is true for C. Cloud Armor could help, but VPC Service Controls is a classic use case of ensuring access is only from within certain VPC networks. From Google’s documentation, “Users can define a security perimeter around Google Cloud resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to constrain data within a VPC and control the flow of data.” https://cloud.google.com/vpc-service-controls
👍 1 dynamic_dba 2023/03/14