Google Professional Cloud Developer

Ultimate access to all questions.

Explanation:

To secure PII data in both Cloud SQL and Cloud Storage, the best approach involves multiple layers of security. Option C is correct because:

Configuring a private IP for Cloud SQL ensures it is only accessible within the VPC, reducing exposure to the public internet.
VPC Service Controls (VPC-SC) create a service perimeter to prevent data exfiltration, even if credentials are compromised.
Adding both Cloud SQL and Cloud Storage to the same service perimeter ensures that access to these resources is restricted to entities within the perimeter. This combination of network controls (private IP) and data protection (VPC-SC) provides a robust security posture. Options A and B rely solely on firewall rules or IAM, which lack the exfiltration protection offered by VPC-SC. Option D incorrectly suggests using different perimeters, which is unnecessary for securing both resources together.

Explanation:

To secure PII data in both Cloud SQL and Cloud Storage, the best approach involves multiple layers of security. Option C is correct because:

Configuring a private IP for Cloud SQL ensures it is only accessible within the VPC, reducing exposure to the public internet.
VPC Service Controls (VPC-SC) create a service perimeter to prevent data exfiltration, even if credentials are compromised.
Adding both Cloud SQL and Cloud Storage to the same service perimeter ensures that access to these resources is restricted to entities within the perimeter. This combination of network controls (private IP) and data protection (VPC-SC) provides a robust security posture. Options A and B rely solely on firewall rules or IAM, which lack the exfiltration protection offered by VPC-SC. Option D incorrectly suggests using different perimeters, which is unnecessary for securing both resources together.

Comments (0)

No comments yet.

Exam-Like

Last updated: December 27, 2025 at 14:03

Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database 2. Using IAM, allow only the frontend service account to access the Cloud Storage bucket

26.4%

Create the relevant firewall rules to allow only the frontend to communicate with the Cloud SQL database 2. Enable private access to allow the frontend to access the Cloud Storage bucket privately

9.7%

Configure a private IP address for Cloud SQL 2. Use VPC-SC to create a service perimeter 3. Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter

55.6%

Configure a private IP address for Cloud SQL 2. Use VPC-SC to create a service perimeter 3. Add the Cloud SQL database and the Cloud Storage bucket to different service perimeters