Security Design — GCP PCA Practice Question 27

How to approach this question

Identify the service that provides context-aware access control for GCP APIs.

Full Answer

B.Implement VPC Service Controls and configure an ingress rule allowing access only from the corporate IP range.✓ Correct

VPC Service Controls mitigates data exfiltration risks. It allows you to define a perimeter around services like Cloud Storage. Even if a user has valid IAM credentials, VPC SC will block the request if it doesn't meet the contextual rules (e.g., originating from a trusted corporate IP).

Common mistakes

Choosing VPC Firewall rules (C), which do not apply to Google APIs.

Your company stores highly sensitive intellectual property in a Cloud Storage bucket. You need to ensure that even if an employee with legitimate IAM permissions tries to download the data from their home network or a coffee shop, the request is denied. How should you enforce this?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 5

More questions from this exam