
Answer-first summary for fast verification
Answer:
1. Configure a private IP address for Cloud SQL
2. Use VPC-SC to create a service perimeter
3. Add the Cloud SQL database and the Cloud Storage bucket to the same service perimeter
To secure PII data in both Cloud SQL and Cloud Storage, the best approach involves multiple layers of security. Option C is correct because:
1. Configuring a private IP for Cloud SQL ensures it is only accessible within the VPC, reducing exposure to the public internet.
2. VPC Service Controls (VPC-SC) create a service perimeter to prevent data exfiltration, even if credentials are compromised.
3. Adding both Cloud SQL and Cloud Storage to the same service perimeter ensures that access to these resources is restricted to entities within the perimeter.
This combination of network controls (private IP) and data protection (VPC-SC) provides a robust security posture. Options A and B rely solely on firewall rules or IAM, which lack the exfiltration protection offered by VPC-SC. Option D incorrectly suggests using different perimeters, which is unnecessary for securing both resources together.
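
An added example, not part of the original page: a Python check that audits the three steps of the answer against configuration JSON. Field names follow the Cloud SQL Admin and Access Context Manager APIs; the `audit` function, project numbers and sample values are constructed for illustration. Perimeters list projects and restricted services rather than individual databases or buckets, so the check looks for the projects that hold them.

```python
# Added example. Field names follow the Cloud SQL Admin and Access Context
# Manager APIs; all sample values below are constructed.
REQUIRED_SERVICES = {"sqladmin.googleapis.com", "storage.googleapis.com"}


def audit(sql_instance, perimeters, sql_project_number, bucket_project_number):
    """Return a list of findings; an empty list means all three steps hold."""
    findings = []
    # Step 1: private IP only (public IPv4 off, VPC network attached).
    ip_cfg = sql_instance.get("settings", {}).get("ipConfiguration", {})
    if ip_cfg.get("ipv4Enabled", False):
        findings.append("Cloud SQL instance still has a public IPv4 address")
    if not ip_cfg.get("privateNetwork"):
        findings.append("Cloud SQL instance has no private network configured")
    # Steps 2 and 3: one enforced perimeter must hold both projects and
    # restrict both APIs. A dry-run config sits under "spec" and blocks
    # nothing, so only "status" is read.
    wanted = {f"projects/{sql_project_number}", f"projects/{bucket_project_number}"}
    covering = [
        p for p in perimeters
        if p.get("perimeterType", "PERIMETER_TYPE_REGULAR") == "PERIMETER_TYPE_REGULAR"
        and wanted <= set(p.get("status", {}).get("resources", []))
    ]
    if not covering:
        findings.append("no enforced perimeter contains both projects")
    for p in covering:
        missing = REQUIRED_SERVICES - set(p["status"].get("restrictedServices", []))
        if missing:
            findings.append(f"perimeter {p.get('title')} does not restrict: "
                            + ", ".join(sorted(missing)))
    return findings


SQL_PRIVATE = {"name": "pii-db", "settings": {"ipConfiguration": {
    "ipv4Enabled": False,
    "privateNetwork": "projects/example-project/global/networks/app-vpc"}}}
SQL_PUBLIC = {"name": "pii-db", "settings": {"ipConfiguration": {"ipv4Enabled": True}}}
ONE_PERIMETER = [{"title": "pii_perimeter", "status": {
    "resources": ["projects/111111111111", "projects/222222222222"],
    "restrictedServices": ["sqladmin.googleapis.com", "storage.googleapis.com"]}}]
# Option D's layout: each resource's project in a different perimeter.
SPLIT_PERIMETERS = [
    {"title": "sql_only", "status": {"resources": ["projects/111111111111"],
                                     "restrictedServices": ["sqladmin.googleapis.com"]}},
    {"title": "gcs_only", "status": {"resources": ["projects/222222222222"],
                                     "restrictedServices": ["storage.googleapis.com"]}},
]

if __name__ == "__main__":
    print(audit(SQL_PRIVATE, ONE_PERIMETER, "111111111111", "222222222222"))
    print(audit(SQL_PUBLIC, SPLIT_PERIMETERS, "111111111111", "222222222222"))
```
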
Author: LeetQuiz Editorial Team
Your team is developing an application for a financial institution. The frontend runs on Compute Engine, while the data is stored in Cloud SQL and a Cloud Storage bucket. The application will handle PII data, which will reside in both Cloud SQL and Cloud Storage. How should you secure this PII data?
A
B
C
D