GCP Professional Cloud Security Engineer Practice Question
Your organization runs hundreds of projects under a Production folder. Security has found that teams are adding external IPv4 addresses to new Compute Engine VMs, breaching policy. The CISO wants to block any future VMs, instance templates, or forwarding rules in that folder (and its child projects) from getting external IPs, while allowing existing ones to remain. Which Organization Policy constraint should you enforce on the Production folder to meet this need with minimal effort?
constraints/iam.allowedPolicyMemberDomains allowing only the corporate domain
constraints/compute.restrictVpcPeering denying all peer network URIs
constraints/compute.disableSerialPortAccess with enforcement set to TRUE
constraints/compute.vmExternalIpAccess with enforcement set to TRUE
The constraint named compute.vmExternalIpAccess controls whether new VM instances, instance templates, or forwarding rules can be created with external IP addresses. Setting its enforcement state to TRUE at the Production folder blocks future attempts to add external IPs without affecting resources that already have them. The other constraints address unrelated capabilities: compute.disableSerialPortAccess governs serial port connections, compute.restrictVpcPeering limits VPC peering, and iam.allowedPolicyMemberDomains restricts IAM principals by domain. Therefore, enforcing compute.vmExternalIpAccess is the correct solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of `constraints/compute.vmExternalIpAccess`?
Open an interactive chat with Bash
How do Organization Policies work in Google Cloud?
Open an interactive chat with Bash
What happens to existing resources when `compute.vmExternalIpAccess` is enforced?
Open an interactive chat with Bash
What is `constraints/compute.vmExternalIpAccess`?
Open an interactive chat with Bash
What happens when enforcement for `compute.vmExternalIpAccess` is set to TRUE?
Open an interactive chat with Bash
How does this constraint differ from `compute.disableSerialPortAccess`?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .