ExpertHard1 markMultiple Choice
GCP PCA · Question 44 · Domain 3: Designing for Security and Compliance
Your CISO wants to ensure that no developer can create a VM with an external public IP address, and that all resources are created only in the 'europe-west1' region. Which TWO Organization Policies should you enforce? (Select TWO)
Your CISO wants to ensure that no developer can create a VM with an external public IP address, and that all resources are created only in the 'europe-west1' region. Which TWO Organization Policies should you enforce? (Select TWO)
Answer options:
A.
constraints/compute.vmExternalIpAccess
B.
constraints/gcp.resourceLocations
C.
constraints/compute.disableInternetNetworkEndpointGroup
D.
IAM role roles/compute.networkAdmin
E.
VPC Firewall rules blocking port 80/443
How to approach this question
Identify the correct Organization Policy constraints.
Full Answer
constraints/compute.vmExternalIpAccess
constraints/gcp.resourceLocations
Organization Policies provide centralized control. 'vmExternalIpAccess' prevents public IP assignment, and 'resourceLocations' restricts deployments to specific regions.
Common mistakes
Trying to use IAM or Firewalls to enforce resource creation rules.
Practice the full GCP Professional Cloud Architect Practice Exam 2
50 questions · hints · full answers · grading
More questions from this exam
Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...HardQ04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...MediumQ05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy