
Answer-first summary for fast verification
Answer: Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.
The correct answer is D. Setting an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess ensures that only approved instances can use external IP addresses. This method enforces the restriction across all VPCs and helps in preventing data exfiltration or maintaining network isolation. The references and feedback from the community validate that using the constraints/compute.vmExternalIpAccess constraint is the appropriate method for this scenario.
Author: LeetQuiz Editorial Team
Your organization manages multiple Virtual Private Clouds (VPCs) and has decided to limit the use of external IP addresses for security reasons. Only approved instances should have external IP access to prevent unauthorized data transfer or exposure. You want to implement this restriction consistently across all of your VPCs. What should you do?
A. Remove the default route on all VPCs. Move all approved instances into a new subnet that has a default route to an internet gateway.
B. Create a new VPC in custom mode. Create a new subnet for the approved instances, and set a default route to the internet gateway on this new subnet.
C. Implement a Cloud NAT solution to remove the need for external IP addresses entirely.
D. Set an Organization Policy with a constraint on constraints/compute.vmExternalIpAccess. List the approved instances in the allowedValues list.
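
An added example (not part of the original question or of any Google tooling) showing what option D looks like in practice: it builds the list policy for constraints/compute.vmExternalIpAccess and audits an instance inventory against the same allowlist. The project, zone and instance names and the inventory are constructed placeholders; the inventory entries are assumed to follow the Compute Engine instance resource fields selfLink and networkInterfaces[].accessConfigs.

```python
import json
import re

CONSTRAINT = "constraints/compute.vmExternalIpAccess"
# Allowed values must be full instance paths, not bare instance names.
VALUE_RE = re.compile(r"^projects/[^/]+/zones/[^/]+/instances/[^/]+$")


def build_policy(allowed):
    """Return the list policy for the constraint, rejecting malformed values."""
    bad = [v for v in allowed if not VALUE_RE.match(v)]
    if bad:
        raise ValueError(f"not projects/P/zones/Z/instances/N: {bad}")
    return {"constraint": CONSTRAINT,
            "listPolicy": {"allowedValues": sorted(set(allowed))}}


def instance_path(self_link):
    """Reduce a Compute Engine selfLink URL to projects/P/zones/Z/instances/N."""
    return self_link[self_link.index("projects/"):]


def audit(instances, allowed):
    """List instances that hold an external IPv4 config but are not approved."""
    approved = set(allowed)
    findings = []
    for inst in instances:
        path = instance_path(inst["selfLink"])
        external = any(nic.get("accessConfigs")
                       for nic in inst.get("networkInterfaces", []))
        if external and path not in approved:
            findings.append(path)
    return findings


# Constructed sample data: every name and address below is a placeholder.
ALLOWED = ["projects/example-prod/zones/us-central1-a/instances/bastion-1"]
BASE = ("https://www.googleapis.com/compute/v1/"
        "projects/example-prod/zones/us-central1-a/instances/")
INVENTORY = [
    {"selfLink": BASE + "bastion-1",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.10"}]}]},
    {"selfLink": BASE + "batch-7",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.25"}]}]},
    {"selfLink": BASE + "db-2", "networkInterfaces": [{"networkIP": "10.0.0.5"}]},
]

if __name__ == "__main__":
    print(json.dumps(build_policy(ALLOWED), indent=2))
    print("unapproved external IPs:", audit(INVENTORY, ALLOWED))
```

The constraint is not applied retroactively, so instances that already held an external IP before the policy was set keep it; the audit step is how those are found.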