Topic 1 Question 93
You are part of a security team that wants to ensure that a Cloud Storage bucket in Project A can only be readable from Project B. You also want to ensure that data in the Cloud Storage bucket cannot be accessed from or copied to Cloud Storage buckets outside the network, even if the user has the correct credentials. What should you do?
Enable VPC Service Controls, create a perimeter with Project A and B, and include Cloud Storage service.
Enable Domain Restricted Sharing Organization Policy and Bucket Policy Only on the Cloud Storage bucket.
Enable Private Access in Project A and B networks with strict firewall rules to allow communication between the networks.
Enable VPC Peering between Project A and B networks with strict firewall rules to allow communication between the networks.
ユーザの投票
コメント(13)
The answer is A. This is question is covered by an example given for VPC Service Perimeters
https://cloud.google.com/vpc-service-controls/docs/overview#isolate
👍 19FatCharlie2020/11/25I would say option A is a better fit due to VPC Service Controls.
👍 3jonclem2020/11/16A - VPC Service Controls
👍 2nilb942021/08/22
シャッフルモード