GCP Professional Cloud Security Engineer Practice Question
Your security team is adopting a zero-trust model for workloads on Google Cloud. They must:
Allow users to invoke Google Cloud APIs and use the Cloud Console only when requests come from company-managed devices located within the enterprise's public IP ranges.
Ensure that data in the payments project cannot be copied to resources in any other Google Cloud project or to external services, even by authorized users.
Which approach leverages Access Context Manager to meet both requirements with minimal configuration overhead?
Implement VPC firewall rules to allow only corporate IPs and deploy a Cloud Armor security policy in front of BigQuery.
Create one access level that combines the device and IP conditions, and place the payments project inside a service perimeter.
Set an Organization Policy that blocks external data transfers and attach IAM conditions with IP constraints to every BigQuery dataset.
Create two separate access levels, one for device compliance and one for IP range, and assign them to the payments project.
Access Context Manager offers two complementary constructs:
Access levels attach attribute-based conditions such as IP subnets and device status to requests. A single composite access level that checks both "corporate-managed device" and "corporate IP range" satisfies the first requirement.
Service perimeters (implemented by VPC Service Controls) create a virtual boundary around one or more projects. Placing the payments project inside a perimeter prevents data exfiltration to resources outside the perimeter, meeting the second requirement.
Other options are ineffective or incomplete: multiple access levels do not stop data exfiltration; VPC firewall rules and Cloud Armor do not control access to Google-managed services; Organization Policy and scattered IAM conditions do not enforce network-level egress restrictions inherent to service perimeters.
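One way to build the composite access level and the perimeter with gcloud, as an added example that is not part of the original question. The policy ID, project number, CIDR ranges, resource names and the list of restricted services are placeholders or assumptions, as is the choice of requireCorpOwned to express "company-managed device".

```shell
#!/usr/bin/env bash
# Added example. All values below are constructed placeholders; replace before use.
POLICY_ID="${POLICY_ID:-POLICY_ID_PLACEHOLDER}"                 # access policy number
PROJECT_NUMBER="${PROJECT_NUMBER:-PROJECT_NUMBER_PLACEHOLDER}"  # payments project number
CORP_CIDRS="${CORP_CIDRS:-203.0.113.0/24 198.51.100.0/24}"      # documentation ranges

# Emit the basic-level spec. It holds ONE condition, so the IP and device
# attributes are ANDed: a request must satisfy both for the level to match.
level_spec() {
  echo "- ipSubnetworks:"
  for cidr in $CORP_CIDRS; do
    echo "  - $cidr"
  done
  echo "  devicePolicy:"
  # Assumption: "company-managed" is expressed as a company-owned device.
  echo "    requireCorpOwned: true"
}

# Create the composite level, then a regular perimeter around the payments
# project that admits outside requests only when they meet that level.
apply_controls() {
  spec_file="$(mktemp)"
  level_spec > "$spec_file"
  gcloud access-context-manager levels create corp_device_and_ip \
    --policy="$POLICY_ID" \
    --title="Corp device on corp IP" \
    --basic-level-spec="$spec_file"
  # Assumption: BigQuery and Cloud Storage are the services to restrict.
  gcloud access-context-manager perimeters create payments_perimeter \
    --policy="$POLICY_ID" \
    --title="Payments perimeter" \
    --perimeter-type=regular \
    --resources="projects/$PROJECT_NUMBER" \
    --restricted-services=bigquery.googleapis.com,storage.googleapis.com \
    --access-levels=corp_device_and_ip
  rm -f "$spec_file"
}

# With the argument "apply" the resources are created; with no argument
# the script only prints the level spec so it can be reviewed first.
if [ "${1:-}" = "apply" ]; then
  apply_controls
else
  level_spec
fi
```

Device attributes in an access level are only evaluated for devices that report their state through Endpoint Verification.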
GCP Professional Cloud Security Engineer
Configuring Access