Topic 1 Question 226
Your organization has two Google Cloud projects, project A and project B. In project A, you have a Pub/Sub topic that receives data from confidential sources. Only the resources in project A should be able to access the data in that topic. You want to ensure that project B and any future project cannot access data in the project A topic. What should you do?
A. Add firewall rules in project A so only traffic from the VPC in project A is permitted.
B. Configure VPC Service Controls in the organization with a perimeter around project A.
C. Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project A.
D. Configure VPC Service Controls in the organization with a perimeter around the VPC of project A.
User votes
Comments (2)
- Answer believed to be correct: B
VPC Service Controls enforce a security perimeter around entire projects, ensuring that resources within project A (including the Pub/Sub topic) are inaccessible from any other project, including project B and future projects. This aligns with the requirement to prevent cross-project access.
👍 2e70ea9e 2023/12/30
- Answer believed to be correct: B
Option B:
- It allows us to create a secure boundary around all resources in Project A, including the Pub/Sub topic.
- It prevents data exfiltration to other projects and ensures that only resources within the perimeter (Project A) can access the sensitive data.
- VPC Service Controls are specifically designed for scenarios where you need to secure sensitive data within a specific context or boundary in Google Cloud.
👍 2raaad 2024/01/04