
Answer-first summary for fast verification
Answer: Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
The correct answer is A: Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances. This approach uses Google Cloud's Organization Policy Service, which enforces constraints centrally across the projects in the organization. With the policy in place, external IP addresses can be assigned only to the specified frontend instances, so a configuration error can no longer put a public IP address on a backend instance.
Author: LeetQuiz Editorial Team
EHR Healthcare's infrastructure is migrating to Google Cloud. In the past, configuration errors resulted in public IP addresses being assigned to backend servers that should not have been accessible from the Internet. You need to ensure that such errors do not occur again, making sure that external IP addresses can only be configured on frontend Compute Engine instances and never on backend instances. What should you do?
A. Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.
B. Revoke the compute.networkAdmin role from all users in the project with front end instances.
C. Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.
D. Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.