Hard · 1 mark · Multiple Choice
Subtask 3.1: Security Design · Security · VPC Service Controls · Data Exfiltration

GCP PCA · Question 27 · Security Design

Your company stores highly sensitive intellectual property in a Cloud Storage bucket. You need to ensure that even if an employee with legitimate IAM permissions tries to download the data from their home network or a coffee shop, the request is denied. How should you enforce this?

Answer options:

A. Remove the employee's IAM permissions when they leave the office.

B. Implement VPC Service Controls and configure an ingress rule allowing access only from the corporate IP range.

C. Configure a VPC Firewall rule to block port 443 from non-corporate IPs.

D. Use Cloud Armor to block the employee's home IP address.

How to approach this question

Identify the service that provides context-aware access control for GCP APIs.

Full Answer

B. Implement VPC Service Controls and configure an ingress rule allowing access only from the corporate IP range. ✓ Correct
VPC Service Controls mitigates data exfiltration risk by letting you define a service perimeter around services such as Cloud Storage. Even when a user presents valid IAM credentials, VPC Service Controls blocks the request if it does not satisfy the perimeter's contextual rules (for example, originating from a trusted corporate IP range).

Common mistakes

Choosing VPC Firewall rules (C), which do not apply to Google APIs.

Practice the full GCP Professional Cloud Architect Practice Exam 5
