Google Cloud Certified - Professional Cloud Security Engineer Professional-Cloud-Security-Engineer Question # 65 Topic 7 Discussion

Professional-Cloud-Security-Engineer Exam Topic 7 Question 65 Discussion:
Question #: 65
Topic #: 7

Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements:

    The Cloud Storage bucket in Project A can only be readable from Project B.

    The Cloud Storage bucket in Project A cannot be accessed from outside the network.

    Data in the Cloud Storage bucket cannot be copied to an external Cloud Storage bucket.

What should the security team do?


A. Enable domain restricted sharing in an organization policy, and enable uniform bucket-level access on the Cloud Storage bucket.

B. Enable VPC Service Controls, create a perimeter around Projects A and B, and include the Cloud Storage API in the Service Perimeter configuration.

C. Enable Private Access in both Project A and B's networks with strict firewall rules that allow communication between the networks.

D. Enable VPC Peering between Project A and B's networks with strict firewall rules that allow communication between the networks.

