ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Subtask 5.2: Ensure solution and operations reliabilitySecurityVPC Service ControlsAccess Context ManagerBeyondCorp

GCP PCA · Question 37 · Ensure solution and operations reliability

You have implemented VPC Service Controls to protect your BigQuery datasets. A data scientist working from home needs to query the data using the BigQuery web UI. Their home IP address is dynamic. How can you grant them access without compromising the security perimeter?

Answer options:

A.

Add the data scientist's current home IP address to the VPC Service Controls perimeter.

B.

Temporarily disable the VPC Service Controls perimeter while the data scientist is working.

C.

Create an Access Level in Access Context Manager based on the user's identity and device posture, and add it to the VPC Service Controls perimeter.

D.

Grant the data scientist the roles/bigquery.admin IAM role.

How to approach this question

Identify how to create context-aware exceptions to VPC Service Controls.

Full Answer

C.Create an Access Level in Access Context Manager based on the user's identity and device posture, and add it to the VPC Service Controls perimeter.✓ Correct
Create an Access Level in Access Context Manager based on the user's identity and device posture, and add it to the VPC Service Controls perimeter.
VPC Service Controls relies on Access Context Manager to define 'Access Levels'. Since the IP address is dynamic, you cannot use IP whitelisting. Instead, you define an Access Level based on identity (BeyondCorp Enterprise) and device posture (e.g., requiring a company-issued laptop with screen lock enabled). You then attach this Access Level to the VPC-SC perimeter, allowing the data scientist secure access from anywhere.

Common mistakes

Assuming IAM permissions override VPC Service Controls. VPC-SC is a network boundary; IAM is an identity boundary. Both must pass.
36All questions38

Practice the full GCP Professional Cloud Architect Practice Exam 1

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...HardQ02**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...MediumQ03**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...HardQ04**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...MediumQ05**CASE STUDY: TechStream Gaming** **Company Overview:** TechStream Gaming is a global gaming com...Medium
View all 50 questions →