
Explanation:
The correct answer is C: Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project A. IAM policies allow you to define precisely who (users or service accounts) can access specific resources. By setting restrictive IAM policies on the Pub/Sub topic within project A, you can ensure that only entities within project A have access, effectively preventing access from project B and any other future projects. This approach directly addresses the requirement of controlling access to a specific resource without the need for broader network security configurations.
Your organization is utilizing Google Cloud services and operates with two distinct projects: project A and project B. In project A, a Pub/Sub topic has been established to receive data from confidential sources. It is imperative that only resources within project A have access to the data in this Pub/Sub topic. To secure the data and prevent project B or any other future projects from accessing the data in the Pub/Sub topic within project A, what steps should you take?
A. Add firewall rules in project A so only traffic from the VPC in project A is permitted.
B. Configure VPC Service Controls in the organization with a perimeter around project A.
C. Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project A.
D. Configure VPC Service Controls in the organization with a perimeter around the VPC of project A.