GCP Professional Cloud Security Engineer Practice Question
Your company protects BigQuery and Cloud Storage with a VPC Service Controls perimeter that encloses three Google Cloud projects.
Interactive access must meet these rules:
Employees on-site can reach the protected services from any device when traffic originates from 203.0.113.0/24.
Remote partner engineers must come from 198.51.100.0/24 and use company-issued ChromeOS laptops that pass Verified Access.
All other requests must be blocked.
Following Google-recommended practices and keeping the configuration as simple as possible, how should you implement the required policy?
Create one basic Access Level that lists both subnets and adds a device policy requiring Chrome Verified Access, then attach it to the perimeter.
Use a perimeter ingress rule to allow both subnets and rely on IAM Conditions to enforce device compliance for partner engineers.
Create two Access Levels: a basic level for 203.0.113.0/24 with no device checks, and a custom CEL level for 198.51.100.0/24 that also requires Chrome Verified Access. Attach both levels to the perimeter.
Create a single custom (CEL) Access Level that allows requests when either source subnet matches or the device passes Chrome Verified Access, then attach it to the perimeter.
Create two separate Access Levels and attach both to the perimeter.
A basic level that lists the on-premises subnet 203.0.113.0/24; no device requirements are included.
A custom (CEL) level that allows requests only when the source IP is 198.51.100.0/24 and the device meets a Chrome Verified Access policy. Because the perimeter grants access when any attached Access Level evaluates to true, employees and partner engineers are each admitted under their respective level, while all other traffic is denied. A single basic level cannot express the device requirement, and perimeter ingress rules or IAM conditions do not enforce Verified Access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VPC Service Controls perimeter?
Open an interactive chat with Bash
What is a custom Access Level (CEL) in Google Cloud?
Open an interactive chat with Bash
What is Chrome Verified Access, and why is it used in this policy?
Open an interactive chat with Bash
What is a VPC Service Controls perimeter?
Open an interactive chat with Bash
What is Custom CEL in Access Levels?
Open an interactive chat with Bash
What is Chrome Verified Access?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .