Hard · 1 mark · Multiple Choice
Subtask 3.1: Security Design · Security · VPC Service Controls · Access Context Manager

GCP PCA · Question 41 · Security Design

You are implementing VPC Service Controls to protect BigQuery and Cloud Storage. However, a specific third-party partner needs to upload files to a specific Cloud Storage bucket from their corporate IP address, which is outside your GCP network. Which TWO configurations can you use to allow this specific access while maintaining the perimeter? (Select TWO)

Answer options:

A. VPC Network Peering
B. Ingress rules
C. Egress rules
D. Access Levels
E. Cloud NAT

How to approach this question

Identify the mechanisms within VPC Service Controls and Access Context Manager that are used to open narrowly scoped, controlled openings in a perimeter.

Full Answer

B and D: Ingress rules, Access Levels
To allow external access into a VPC Service Controls perimeter, you use Access Context Manager to define an Access Level (for example, one whose condition matches the partner's corporate IP range). You then either attach that Access Level to the perimeter, or reference it from an Ingress Rule that explicitly allows that source and identity to call the Cloud Storage API for the specific protected resource.

Common mistakes

Choosing Egress rules (C), which confuses the traffic direction. The partner's requests originate outside the perimeter and come *in*, so this is ingress.
