Leave a message
Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 0d 9h 8m 19s Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Exam Professional Cloud Security Engineer Topic 4 Question 94 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 94
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You have stored company approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Sherly at Nov 17, 2024, 02:26 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Marguerita
3 months ago
Option D looks a bit confusing to me. Configuring the ingressFrom and ingressTo fields? Isn't this about granting read access, not controlling ingress? I'm a bit lost on this one.
upvoted 0 times
...
Luz
3 months ago
I'd go with Option C. It's similar to Option A, but it configures the egressTo field to include the external project number directly. Seems more straightforward.
upvoted 0 times
Jesusa
2 months ago
Let's go with Option C then.
upvoted 0 times
...
Roselle
2 months ago
I agree, configuring the egressTo field directly with the external project number makes sense.
upvoted 0 times
...
Devon
2 months ago
Yeah, Option C seems more direct and clear.
upvoted 0 times
...
Lucia
2 months ago
I think Option C is the way to go.
upvoted 0 times
...
...
Alaine
3 months ago
Wait, are we sure this isn't a trick question? What if the correct answer is to just send the external project a fruit basket and hope they grant us access?
upvoted 0 times
...
Ciara
3 months ago
I'm not sure. Should we also configure the egressFrom field to set identity Type to any_identity?
upvoted 0 times
...
Dorcas
3 months ago
Haha, now that's thinking outside the box! Although I'm not sure the Google Cloud team would appreciate the security implications of a fruit-based access control system.
upvoted 0 times
Twanna
2 months ago
D) Update the perimeter
upvoted 0 times
...
Huey
2 months ago
C) Update the perimeter
upvoted 0 times
...
Vincent
2 months ago
C) Update the perimeter
upvoted 0 times
...
Claudio
2 months ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Kanisha
3 months ago
A) Update the perimeter
upvoted 0 times
...
Tiera
3 months ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Leota
3 months ago
A) Update the perimeter
upvoted 0 times
...
...
Nu
3 months ago
I agree with Vernice. We also need to set the serviceName to compute.googleapis.com.
upvoted 0 times
...
Vernice
4 months ago
I think we should update the perimeter and configure the egressTo field to include the external Google Cloud project number.
upvoted 0 times
...

Save Cancel
a