
Explanation:
VPC Service Controls (VPC SC) dry run mode allows you to test the impact of adding a project to a service perimeter without enforcing the restrictions. This enables monitoring of potential violations that would occur if the project were fully added. Options A and D relate to network traffic logging (Firewall Rules and Flow Logs), which don't directly assess VPC SC policy impacts. Option C monitors Resource Manager audit logs, which track administrative changes but not service access violations. Thus, B is the correct choice for validating the impact before enforcing the change.
You have two Google Cloud projects within a VPC Service Controls perimeter to prevent data exfiltration. A third project needs to be added to the perimeter, but this change may adversely affect the existing environment. How should you assess the potential impact before proceeding?
A. Enable Firewall Rules Logging inside the third project.
B. Modify the existing VPC Service Controls policy to include the new project in dry run mode.
C. Monitor the Resource Manager audit logs inside the perimeter.
D. Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.