Topic 1 Question 113
You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?
A. Enable Firewall Rules Logging inside the third project.
B. Modify the existing VPC Service Controls policy to include the new project in dry run mode.
C. Monitor the Resource Manager audit logs inside the perimeter.
D. Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.
Comments (4)
- Selected answer: B 👍 5 nosense 2022/12/01
B is the right answer.
In dry run mode, requests that violate the perimeter policy are not denied, only logged. Dry run mode is used to test perimeter configuration and to monitor usage of services without preventing access to resources. Common use cases include:
Determining the impact that changes to existing service perimeters will have.
Previewing the impact that new service perimeters will have.
Monitoring requests to protected services that originate from outside a service perimeter. For example, seeing where requests to a given service are coming from, or to identify unexpected service usage in your organization.
In your development environments, creating an analogous perimeter architecture to your production environment. This allows you to identify and mitigate any issues that will be caused by your service perimeters before pushing changes to your production environment.
Service perimeters can exist using dry run mode exclusively. You can also have service perimeters that use a hybrid of enforced and dry run modes. https://cloud.google.com/vpc-service-controls/docs/dry-run-mode
👍 4 AzureDP900 2022/11/30
- 👍 2 jitu028 2022/12/09
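Added example (not part of the original comments or of Google's documentation): once the third project is in the perimeter's dry run configuration, the impact shows up as logged-only violations, and this sketch tallies them per service, method, principal and reason so they can be resolved before enforcement. It assumes the audit entries were exported as one JSON object per line; the function name, perimeter name, principals and all log values are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample entries shaped like VPC Service Controls audit records
# (log ID cloudaudit.googleapis.com/policy). Every value below is made up.
SAMPLE_LOG = """
{"severity":"ERROR","protoPayload":{"serviceName":"storage.googleapis.com","methodName":"google.storage.objects.get","authenticationInfo":{"principalEmail":"etl@example-third-project.iam.gserviceaccount.com"},"metadata":{"dryRun":true,"violationReason":"RESOURCES_NOT_IN_SAME_SERVICE_PERIMETER","securityPolicyInfo":{"servicePerimeterName":"accessPolicies/000000000000/servicePerimeters/example_perimeter"}}}}
{"severity":"ERROR","protoPayload":{"serviceName":"storage.googleapis.com","methodName":"google.storage.objects.get","authenticationInfo":{"principalEmail":"etl@example-third-project.iam.gserviceaccount.com"},"metadata":{"dryRun":true,"violationReason":"RESOURCES_NOT_IN_SAME_SERVICE_PERIMETER","securityPolicyInfo":{"servicePerimeterName":"accessPolicies/000000000000/servicePerimeters/example_perimeter"}}}}
{"severity":"ERROR","protoPayload":{"serviceName":"bigquery.googleapis.com","methodName":"google.cloud.bigquery.v2.JobService.InsertJob","authenticationInfo":{"principalEmail":"analyst@example.com"},"metadata":{"dryRun":true,"violationReason":"NO_MATCHING_ACCESS_LEVEL","securityPolicyInfo":{"servicePerimeterName":"accessPolicies/000000000000/servicePerimeters/example_perimeter"}}}}
{"severity":"ERROR","protoPayload":{"serviceName":"storage.googleapis.com","methodName":"google.storage.objects.list","authenticationInfo":{"principalEmail":"outsider@example.com"},"metadata":{"violationReason":"NO_MATCHING_ACCESS_LEVEL","securityPolicyInfo":{"servicePerimeterName":"accessPolicies/000000000000/servicePerimeters/example_perimeter"}}}}
{"severity":"ERROR","protoPayload":{"serviceName":"storage.googleapis.com","methodName":"google.storage.objects.get","authenticationInfo":{"principalEmail":"etl@example-third-project.iam.gserviceaccount.com"},"metadata":{"dryRun":true,"violationReason":"RESOURCES_NOT_IN_SAME_SERVICE_PERIMETER","securityPolicyInfo":{"servicePerimeterName":"accessPolicies/000000000000/servicePerimeters/other_perimeter"}}}}
"""

def dry_run_violations(raw, perimeter_id):
    """Count logged-only (dry run) violations for one perimeter.

    Keys are (service, method, principal, violation reason): the requests
    that would start failing if the dry run configuration were enforced.
    """
    counts = Counter()
    for line in raw.splitlines():
        if not line.strip():
            continue
        payload = json.loads(line).get("protoPayload", {})
        meta = payload.get("metadata", {})
        # Accept a JSON boolean or the string form; entries without the flag
        # are enforced-mode denials, which already block today.
        if meta.get("dryRun") not in (True, "true"):
            continue
        name = meta.get("securityPolicyInfo", {}).get("servicePerimeterName", "")
        if not name.endswith("/servicePerimeters/" + perimeter_id):
            continue
        counts[(payload.get("serviceName"), payload.get("methodName"),
                payload.get("authenticationInfo", {}).get("principalEmail"),
                meta.get("violationReason"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in dry_run_violations(SAMPLE_LOG, "example_perimeter").most_common():
        print(n, *key)
```

An empty result over a representative observation window is the signal that the dry run configuration can be enforced without breaking existing traffic.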