Topic 1 Question 220
You manage one of your organization's Google Cloud projects (Project A). A VPC Service Control (SC) perimeter is blocking API access requests to this project, including Pub/Sub. A resource running under a service account in another project (Project B) needs to collect messages from a Pub/Sub topic in your project. Project B is not included in a VPC SC perimeter. You need to provide access from Project B to the Pub/Sub topic in Project A using the principle of least privilege.
What should you do?
A. Configure an ingress policy for the perimeter in Project A, and allow access for the service account in Project B to collect messages.
B. Create an access level that allows a developer in Project B to subscribe to the Pub/Sub topic that is located in Project A.
C. Create a perimeter bridge between Project A and Project B to allow the required communication between both projects.
D. Remove the Pub/Sub API from the list of restricted services in the perimeter configuration for Project A.
User votes
Comments (7)
- Option believed to be correct: A
A - is correct
Can't be C; a bridge is between perimeters, but Project B is not in any perimeter.
👍 3 gcp4test 2023/08/04
- 👍 2 Mithung30 2023/08/04
- Option believed to be correct: A
Ingress: Refers to any access by an API client from outside the service perimeter to resources within a service perimeter. Example:
A Cloud Storage client outside a service perimeter calling Cloud Storage read, write, or copy operations on a Cloud Storage resource within the perimeter.
👍 2 anshad666 2023/08/22
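
The ingress rule that option A describes, written as an added example that is not part of the original question or comments. The service account e-mail, project numbers, perimeter name, policy ID and file name are placeholders, not values from the page.

```yaml
# ingress.yaml (hypothetical file name)
# Applied to the perimeter that protects Project A with:
#   gcloud access-context-manager perimeters update PERIMETER_NAME \
#     --set-ingress-policies=ingress.yaml --policy=POLICY_ID
#
# Least privilege here means narrowing all three dimensions of the rule:
# who may call (one service account), from where (Project B only) and
# what may be called (Pub/Sub only, in Project A only).
- ingressFrom:
    # Only this identity is admitted. Avoid identityType: ANY_IDENTITY,
    # which would admit every caller coming from the listed source.
    identities:
    - serviceAccount:SUBSCRIBER_SA@PROJECT_B_ID.iam.gserviceaccount.com
    # Project B sits outside any perimeter, so it is named as an ingress
    # source. A perimeter bridge cannot be used for that reason.
    sources:
    - resource: projects/PROJECT_B_NUMBER
  ingressTo:
    # Only Pub/Sub is opened. Every other restricted service in the
    # perimeter stays blocked for this caller.
    operations:
    - serviceName: pubsub.googleapis.com
      methodSelectors:
      # "*" admits every Pub/Sub method. Replace it with the individual
      # subscriber methods from the VPC Service Controls supported method
      # restrictions list to narrow the rule further.
      - method: "*"
    # Only resources in Project A are reachable through this rule.
    resources:
    - projects/PROJECT_A_NUMBER
```

The ingress rule only lets the request cross the perimeter. The service account still needs an IAM grant such as `roles/pubsub.subscriber` on the subscription in Project A before it can pull messages.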