Topic 1 Question 168
Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements:

- The Cloud Storage bucket in Project A can only be readable from Project B.
- The Cloud Storage bucket in Project A cannot be accessed from outside the network.
- Data in the Cloud Storage bucket cannot be copied to an external Cloud Storage bucket.

What should the security team do?
A. Enable domain restricted sharing in an organization policy, and enable uniform bucket-level access on the Cloud Storage bucket.
B. Enable VPC Service Controls, create a perimeter around Projects A and B, and include the Cloud Storage API in the Service Perimeter configuration.
C. Enable Private Access in both Project A and B's networks with strict firewall rules that allow communication between the networks.
D. Enable VPC Peering between Project A and B's networks with strict firewall rules that allow communication between the networks.
Comments (5)
Should be B. VPC Peering is between organizations, not between projects in an organization. That is Shared VPC. In this case, both projects are in the same organization, so having VPC Service Controls around both projects with the necessary rules should be fine.
👍 6 Baburao 2022/09/03

Selected Answer: B
👍 3 tangac 2022/09/03

Selected Answer: B
B. Enable VPC Service Controls, create a perimeter around Projects A and B, and include the Cloud Storage API in the Service Perimeter configuration.
👍 3 AwesomeGCP 2022/10/08
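As an added illustration of what answer B looks like in practice (this is not code from the original page or from any of the commenters), the Terraform below builds all three controls at once: IAM with uniform bucket-level access for requirement 1, and a VPC Service Controls perimeter enclosing both projects with the Cloud Storage API restricted for requirements 2 and 3. Every concrete value (organization access policy ID, project IDs and numbers, bucket name, the reader service account in Project B) is a placeholder assumption; substitute your own.

```hcl
# Added example, not from the original page. All variable defaults are assumptions.
variable "access_policy_id" { default = "987654321" }    # assumption: existing org-level access policy number
variable "project_a_id"     { default = "project-a" }    # assumption
variable "project_a_number" { default = "111111111111" } # assumption
variable "project_b_number" { default = "222222222222" } # assumption
variable "reader_sa"        { default = "reader@project-b.iam.gserviceaccount.com" } # assumption

# Requirement 1: only Project B's identity may read the bucket.
# Uniform bucket-level access disables object ACLs, so IAM is the only grant path,
# and public access prevention blocks allUsers/allAuthenticatedUsers bindings.
resource "google_storage_bucket" "sensitive" {
  name                        = "project-a-sensitive-data" # assumption
  project                     = var.project_a_id
  location                    = "US"
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"
}

resource "google_storage_bucket_iam_member" "project_b_reader" {
  bucket = google_storage_bucket.sensitive.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${var.reader_sa}"
}

# Requirements 2 and 3: a VPC Service Controls perimeter that contains both projects
# and restricts storage.googleapis.com. Any Cloud Storage call that crosses the
# perimeter boundary (a request from the internet, or a copy into a bucket owned by
# a project outside the perimeter) is denied even when IAM alone would allow it.
resource "google_access_context_manager_service_perimeter" "storage_perimeter" {
  parent         = "accessPolicies/${var.access_policy_id}"
  name           = "accessPolicies/${var.access_policy_id}/servicePerimeters/storage_perimeter"
  title          = "storage_perimeter"
  perimeter_type = "PERIMETER_TYPE_REGULAR"

  status {
    resources = [
      "projects/${var.project_a_number}",
      "projects/${var.project_b_number}",
    ]
    restricted_services = ["storage.googleapis.com"]

    # From VPC networks inside the perimeter, allow only the restricted service set,
    # so a VM cannot reach an unrestricted API as an alternate exfiltration channel.
    vpc_accessible_services {
      enable_restriction = true
      allowed_services   = ["RESTRICTED-SERVICES"]
    }
  }
}
```

Two practical caveats. First, the perimeter only closes "outside the network" access if clients inside the VPC reach Cloud Storage through Private Google Access and the restricted.googleapis.com VIP rather than the public endpoint. Second, enforce in dry-run mode first (the same resource supports a `spec` block with `use_explicit_dry_run_spec = true`) and review the VPC Service Controls audit logs for denied requests before switching to enforced mode, since the restriction also breaks legitimate cross-project copies that were not anticipated.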