Ensure solution and operations reliability — GCP PCA Practice Question 37

How to approach this question

Identify how to create context-aware exceptions to VPC Service Controls.

Full Answer

C.Create an Access Level in Access Context Manager based on the user's identity and device posture, and add it to the VPC Service Controls perimeter.✓ Correct

VPC Service Controls relies on Access Context Manager to define 'Access Levels'. Since the IP address is dynamic, you cannot use IP whitelisting. Instead, you define an Access Level based on identity (BeyondCorp Enterprise) and device posture (e.g., requiring a company-issued laptop with screen lock enabled). You then attach this Access Level to the VPC-SC perimeter, allowing the data scientist secure access from anywhere.

Common mistakes

Assuming IAM permissions override VPC Service Controls. VPC-SC is a network boundary; IAM is an identity boundary. Both must pass.

You have implemented VPC Service Controls to protect your BigQuery datasets. A data scientist working from home needs to query the data using the BigQuery web UI. Their home IP address is dynamic. How can you grant them access without compromising the security perimeter?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 1

More questions from this exam