This question combines three security requirements: strong isolation (segmentation), secure remote access, and least privilege.
Strong Isolation: Creating a separate VPC network for each tier (C) provides the strongest network isolation and segmentation, limiting the blast radius compared with a single VPC split into subnets (B, D). VPC Network Peering is the standard way to allow controlled communication between these separate VPCs.
Extract: "Isolate sensitive data in its own VPC network." (Source 2.5) Segmentation via separate VPCs is a standard best practice for isolating sensitive workloads.
Secure Remote Access and Least Privilege: Identity-Aware Proxy (IAP) is the recommended Google Cloud service for secure remote access to virtual machine instances without a public IP or a VPN. It verifies user identity and context before granting access, which aligns with the zero-trust principles of explicit verification and least privilege. Granting SSH keys and root access (A), the Network Admin role (B), or Project Ownership (D) violates the principle of least privilege.
Extract: "Access control: Enforce access controls based on user identity and context by using solutions like... Identity-Aware Proxy (IAP). By doing this, you shift security from the network perimeter to individual users and devices. This approach enables granular access control and reduces the attack surface." (Source 2.2)
Extract: "BeyondCorp uses Google Cloud tools, such as... and Identity-Aware Proxy, to push the perimeter from the network to individual devices and users." (Source 2.3)
Extract: "IAP protects GCP-hosted applications by verifying user identity and context before granting access... When you grant a user access to an application or resource by IAP, they're subject to the fine-grained access controls implemented by the product in use without requiring a VPN." (Source 2.3)
Option C is the only one that satisfies all three requirements by using separate VPCs (strong isolation) and IAP (secure remote access with least privilege).
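As an added illustration (not part of the original explanation), the Terraform below builds the option-C design: one VPC per tier with explicit subnets, peering in both directions, an SSH firewall rule that admits only Google's IAP TCP-forwarding range (35.235.240.0/20) rather than 0.0.0.0/0, and an operator identity that holds only the IAP tunnel role. The tier names, CIDRs, project variable, `iap-ssh` tag and `operator@example.com` identity are assumptions chosen for the example.

```hcl
variable "project" {}

# One VPC per tier, with explicit subnets (no auto-created subnetworks).
resource "google_compute_network" "tier" {
  for_each                = toset(["frontend", "backend"])
  name                    = "${each.key}-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "tier" {
  for_each      = google_compute_network.tier
  name          = "${each.key}-subnet"
  network       = each.value.id
  region        = "us-central1"
  ip_cidr_range = each.key == "frontend" ? "10.10.0.0/24" : "10.20.0.0/24"
}

# Peering must be declared from both sides before traffic can flow.
resource "google_compute_network_peering" "fe_to_be" {
  name         = "frontend-to-backend"
  network      = google_compute_network.tier["frontend"].id
  peer_network = google_compute_network.tier["backend"].id
}

resource "google_compute_network_peering" "be_to_fe" {
  name         = "backend-to-frontend"
  network      = google_compute_network.tier["backend"].id
  peer_network = google_compute_network.tier["frontend"].id
}

# SSH ingress is allowed only from the IAP TCP-forwarding range, and only
# to instances carrying the iap-ssh tag; no rule opens port 22 to the internet.
resource "google_compute_firewall" "allow_iap_ssh" {
  for_each      = google_compute_network.tier
  name          = "${each.key}-allow-iap-ssh"
  network       = each.value.id
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["iap-ssh"]
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# Least privilege: the operator gets the IAP tunnel role only, not Owner or
# Network Admin. Instances are created without an access_config (no public IP).
resource "google_project_iam_member" "operator_iap" {
  project = var.project
  role    = "roles/iap.tunnelResourceAccessor"
  member  = "user:operator@example.com" # placeholder identity
}
```

With this in place the operator reaches a tagged instance with `gcloud compute ssh INSTANCE --tunnel-through-iap`, and the only path to port 22 is through IAP's identity check.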