
Answer-first summary for fast verification
Answer: Create a VPC Service Controls perimeter containing both projects and Cloud Storage as a restricted API. Add the Development Team users to the perimeter's Access Level.
The correct answer is D: Create a VPC Service Controls perimeter containing both projects and Cloud Storage as a restricted API. Add the Development Team users to the perimeter's Access Level. This solution creates a service perimeter around both projects with Cloud Storage as the restricted API, so that only the Development Team can access both Cloud Storage and BigQuery. Because the Development Team users are in the perimeter's Access Level, they can still access Cloud Storage, while the External Team, which is outside the perimeter, can still access BigQuery but not Cloud Storage. This meets the requirement of restricting the External Team's access to only BigQuery.
Author: LeetQuiz Editorial Team
The Development and External teams currently hold the project viewer Identity and Access Management (IAM) role for a folder named Visualization. Your objective is to configure permissions such that the Development Team can read data from both Google Cloud Storage and BigQuery, while ensuring that the External Team's access is restricted to reading data only from BigQuery. How would you accomplish this?
A. Remove Cloud Storage IAM permissions to the External Team on the acme-raw-data project.
B. Create Virtual Private Cloud (VPC) firewall rules on the acme-raw-data project that deny all ingress traffic from the External Team CIDR range.
C. Create a VPC Service Controls perimeter containing both projects and BigQuery as a restricted API. Add the External Team users to the perimeter's Access Level.
D. Create a VPC Service Controls perimeter containing both projects and Cloud Storage as a restricted API. Add the Development Team users to the perimeter's Access Level.