Topic 1 Question 187
The Development and External teams have the project viewer Identity and Access Management (IAM) role in a folder named Visualization. You want the Development Team to be able to read data from both Cloud Storage and BigQuery, but the External Team should only be able to read data from BigQuery. What should you do?

A. Remove Cloud Storage IAM permissions to the External Team on the acme-raw-data project.
B. Create Virtual Private Cloud (VPC) firewall rules on the acme-raw-data project that deny all ingress traffic from the External Team CIDR range.
C. Create a VPC Service Controls perimeter containing both projects and BigQuery as a restricted API. Add the External Team users to the perimeter's Access Level.
D. Create a VPC Service Controls perimeter containing both projects and Cloud Storage as a restricted API. Add the Development Team users to the perimeter's Access Level.
Comments (15)
- Option I think is correct: D
D. Create a VPC Service Controls perimeter containing both projects and Cloud Storage as a restricted API. Add the Development Team users to the perimeter's Access Level.
👍 13
AWSandeep 2022/09/02: Should be C https://cloud.google.com/vpc-service-controls/docs/vpc-accessible-services
When configuring VPC accessible services for a perimeter, you can specify a list of individual services, as well as include the RESTRICTED-SERVICES value, which automatically includes all of the services protected by the perimeter. To ensure access to the expected services is fully limited, you must: Configure the perimeter to protect the same set of services that you want to make accessible. Configure VPCs in the perimeter to use the restricted VIP. Use layer 3 firewalls.
👍 6
Wasss123 2022/09/08: Option I think is correct: C
👍 4
TNT87 2022/10/06
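As an added example (written for this page, not code from the question, from Google, or from any commenter), the following Python model lets you check each perimeter option against the requirement in the question. It models only the rules the question turns on: a perimeter protects a set of projects for its restricted services; a call to a restricted service against a protected project from outside the perimeter is denied unless the caller matches the perimeter's access level; unrestricted services are governed by IAM alone, and both teams hold the viewer role on the folder. The project ID "acme-analytics", the principal addresses and the team membership are constructed assumptions; only "acme-raw-data" appears in the question.

```python
"""
Simplified model of VPC Service Controls perimeter semantics (added example,
not Google's implementation). Constructed names: the second project and all
principals are assumptions for the illustration.
"""
from dataclasses import dataclass

STORAGE = "storage.googleapis.com"
BIGQUERY = "bigquery.googleapis.com"

# Constructed project IDs; the question names only acme-raw-data.
PROJECTS = {"acme-raw-data", "acme-analytics"}

# Constructed principals standing in for the two teams.
DEVELOPMENT_TEAM = {"dev-alice@example.com", "dev-bob@example.com"}
EXTERNAL_TEAM = {"ext-carol@partner.example"}
VIEWERS = DEVELOPMENT_TEAM | EXTERNAL_TEAM  # roles/viewer on the Visualization folder


@dataclass(frozen=True)
class Perimeter:
    projects: frozenset              # projects inside the perimeter
    restricted_services: frozenset   # services the perimeter protects
    access_level_members: frozenset  # principals matched by the perimeter's access level


@dataclass(frozen=True)
class Request:
    principal: str
    service: str
    project: str
    from_inside_perimeter: bool = False  # True for calls made from inside the perimeter


def is_allowed(req: Request, perimeter: Perimeter) -> bool:
    """Apply IAM first, then the perimeter's restricted-service check."""
    if req.principal not in VIEWERS:
        return False  # no IAM role: denied regardless of the perimeter
    protected = (req.service in perimeter.restricted_services
                 and req.project in perimeter.projects)
    if not protected:
        return True   # unrestricted service: IAM alone decides
    if req.from_inside_perimeter:
        return True   # traffic originating inside the perimeter is not blocked
    return req.principal in perimeter.access_level_members


def access_matrix(perimeter: Perimeter) -> dict:
    """Services each team can read from outside the perimeter, in every project."""
    teams = {"Development": DEVELOPMENT_TEAM, "External": EXTERNAL_TEAM}
    matrix = {}
    for team, members in teams.items():
        readable = set()
        for service in (STORAGE, BIGQUERY):
            # every team member must be able to read from every project
            if all(is_allowed(Request(m, service, p), perimeter)
                   for m in members for p in PROJECTS):
                readable.add(service)
        matrix[team] = readable
    return matrix


def meets_requirement(matrix: dict) -> bool:
    """Development reads Storage and BigQuery; External reads BigQuery only."""
    return (matrix["Development"] == {STORAGE, BIGQUERY}
            and matrix["External"] == {BIGQUERY})


# Option C: BigQuery restricted, External Team in the access level.
OPTION_C = Perimeter(frozenset(PROJECTS), frozenset({BIGQUERY}), frozenset(EXTERNAL_TEAM))
# Option D: Cloud Storage restricted, Development Team in the access level.
OPTION_D = Perimeter(frozenset(PROJECTS), frozenset({STORAGE}), frozenset(DEVELOPMENT_TEAM))

if __name__ == "__main__":
    for name, perimeter in (("C", OPTION_C), ("D", OPTION_D)):
        matrix = access_matrix(perimeter)
        print(f"Option {name}: {matrix} -> meets requirement: {meets_requirement(matrix)}")
```

The model deliberately leaves out ingress/egress rules, VPC accessible services (the feature AWSandeep's link describes) and IP- or device-based access level conditions, so it shows only how the choice of restricted service and access level membership shapes each team's reads; swap the restricted service and the access level members to see how the two perimeter options differ.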