Topic 1 Question 113
You are troubleshooting access denied errors between Compute Engine instances connected to a Shared VPC and BigQuery datasets. The datasets reside in a project protected by a VPC Service Controls perimeter. What should you do?
A. Add the host project containing the Shared VPC to the service perimeter.
B. Add the service project where the Compute Engine instances reside to the service perimeter.
C. Create a service perimeter between the service project where the Compute Engine instances reside and the host project that contains the Shared VPC.
D. Create a perimeter bridge between the service project where the Compute Engine instances reside and the perimeter that contains the protected BigQuery datasets.
Comments (14)

- Selected answer: A
(A)
For VMs inside a Shared VPC, the host project needs to be added to the perimeter as well. I had real-life experience with this. However, this creates new security issues, as all other VMs in other projects which are attached to shared subnets in the same host project are then also able to access the perimeter. Google recommends setting up Private Service Connect endpoints to achieve subnet segregation for VPC-SC usage with host projects.
👍 6 risc 2022/10/19

- Selected answer: A
A is the answer.
https://cloud.google.com/vpc-service-controls/docs/service-perimeters#secure-google-managed-resources If you're using Shared VPC, you must include the host project in a service perimeter along with any projects that belong to the Shared VPC.
👍 3 zellck 2022/09/27

- https://cloud.google.com/vpc-service-controls/docs/service-perimeters If you're using Shared VPC, you must include the host project in a service perimeter along with any projects that belong to the Shared VPC.
👍 2 mikesp 2022/06/02
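The membership rule the comments describe (dataset project, service project and Shared VPC host project must all be inside the perimeter), as an added diagnostic example that is not part of the question or any commenter's post. It parses a constructed sample of `gcloud access-context-manager perimeters describe --format=json` output; the policy ID, perimeter name and project numbers are made-up placeholders.

```python
import json

# Constructed sample of `gcloud access-context-manager perimeters describe NAME
# --policy=POLICY --format=json`: only the dataset project is a member, which is
# the state that produces the access-denied errors in the question.
PERIMETER_JSON = json.dumps({
    "name": "accessPolicies/123456789012/servicePerimeters/bq_perimeter",
    "title": "bq_perimeter",
    "status": {
        "restrictedServices": ["bigquery.googleapis.com"],
        "resources": ["projects/111111111111"],
    },
})

BIGQUERY = "bigquery.googleapis.com"


def diagnose(describe_json, dataset_project, service_project, host_project):
    """Report which projects a Shared VPC caller needs that are not members.

    Arguments are project NUMBERS, because perimeter resources are written as
    'projects/<number>'. Returns {'bigquery_restricted': bool, 'missing': {...}}.
    """
    status = json.loads(describe_json).get("status", {})
    if BIGQUERY not in status.get("restrictedServices", []):
        # BigQuery is not restricted here, so the denial comes from elsewhere (IAM etc.).
        return {"bigquery_restricted": False, "missing": {}}
    members = set(status.get("resources", []))
    required = {
        "dataset": dataset_project,  # project holding the protected datasets
        "service": service_project,  # project holding the VMs
        "host": host_project,        # Shared VPC host: required even though it has no VMs
    }
    missing = {role: "projects/%s" % num for role, num in required.items()
               if "projects/%s" % num not in members}
    return {"bigquery_restricted": True, "missing": missing}


def remediation_command(policy_id, perimeter_name, missing):
    """Build the gcloud update that adds the missing projects ('' if none are missing).

    Note: admitting the host project also admits every other service project attached
    to its shared subnets, so review those projects before applying the change.
    """
    if not missing:
        return ""
    return ("gcloud access-context-manager perimeters update %s --policy=%s "
            "--add-resources=%s" % (perimeter_name, policy_id,
                                   ",".join(sorted(missing.values()))))
```

Run `diagnose(PERIMETER_JSON, "111111111111", "222222222222", "333333333333")` to see both the service project and the host project reported as missing, and feed the result to `remediation_command` for the corresponding update command.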