GCP Associate Cloud Engineer Practice Question

Your company has a Cloud Identity organization with several folders that map to environments. The security team wants to guarantee that no new Compute Engine VM in any future project can receive a public (external) IPv4 address, except for projects that reside in the existing "dev" folder. As the associate cloud engineer, which configuration will meet this requirement with the least ongoing administration effort?

  • Apply the Organization Policy constraint constraints/compute.vmExternalIpAccess with a DENY rule at the Organization node and add an ALLOW policy on the dev folder.

  • Place all non-dev projects in a VPC Service Controls perimeter that disallows external network egress.

  • Create a default-network firewall rule at the Organization level that blocks all egress traffic and remove it from the dev folder.

  • Remove the compute.instances.create permission from the Compute Engine default service account for every project except those under the dev folder.

GCP Associate Cloud Engineer
Setting up a cloud solution environment