Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Cloud Security Engineer Topic 4 Question 94 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 94
Topic #: 4
[All Professional Cloud Security Engineer Questions]

You have stored company approved compute images in a single Google Cloud project that is used as an image repository. This project is protected with VPC Service Controls and exists in the perimeter along with other projects in your organization. This lets other projects deploy images from the image repository project. A team requires deploying a third-party disk image that is stored in an external Google Cloud organization. You need to grant read access to the disk image so that it can be deployed into the perimeter.

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

Contribute your Thoughts:

Luz
1 days ago
I'd go with Option C. It's similar to Option A, but it configures the egressTo field to include the external project number directly. Seems more straightforward.
upvoted 0 times
...
Alaine
12 days ago
Wait, are we sure this isn't a trick question? What if the correct answer is to just send the external project a fruit basket and hope they grant us access?
upvoted 0 times
...
Ciara
15 days ago
I'm not sure. Should we also configure the egressFrom field to set identity Type to any_identity?
upvoted 0 times
...
Dorcas
15 days ago
Haha, now that's thinking outside the box! Although I'm not sure the Google Cloud team would appreciate the security implications of a fruit-based access control system.
upvoted 0 times
Kanisha
5 days ago
A) Update the perimeter
upvoted 0 times
...
Tiera
5 days ago
B) Allow the external project by using the organizational policy constraints/compute.trustedlmageProjects.
upvoted 0 times
...
Leota
10 days ago
A) Update the perimeter
upvoted 0 times
...
...
Nu
21 days ago
I agree with Vernice. We also need to set the serviceName to compute.googleapis.com.
upvoted 0 times
...
Vernice
23 days ago
I think we should update the perimeter and configure the egressTo field to include the external Google Cloud project number.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77