
Answer-first summary for fast verification
Answer: Use VPC Service Controls to create a trusted network for the Bigtable service.
To secure access to data in Bigtable that should not be accessible from the public internet, even with a valid service account key, the best approach is to use VPC Service Controls. VPC Service Controls allow you to define a security perimeter around Google Cloud resources to constrain data within a specified boundary, preventing data exfiltration and ensuring that the data can only be accessed from within the trusted network. While IAM (Option A) is essential for access control, it does not prevent access from the public internet if the service account key is compromised. CMEK (Option C) is about encryption at rest and does not restrict network access. Google Cloud Armor (Option D) is designed to protect applications from DDoS and other attacks, not to restrict access to Bigtable data.
Author: LeetQuiz Editorial Team
How can you ensure that your Bigtable data remains inaccessible from the public internet, even for requests with valid service account keys, while maintaining secure access?
A. Use Identity and Access Management (IAM) for Bigtable access control.
B. Use VPC Service Controls to create a trusted network for the Bigtable service.
C. Use customer-managed encryption keys (CMEK).
D. Use Google Cloud Armor to add IP addresses to an allowlist.