Answer-first summary for fast verification
Answer: Modify the existing VPC Service Controls policy to include the new project in dry run mode.
VPC Service Controls (VPC SC) dry run mode allows you to test the impact of adding a project to a service perimeter without enforcing the restrictions. This enables monitoring of potential violations that would occur if the project were fully added. Options A and D relate to network traffic logging (Firewall Rules and Flow Logs), which don't directly assess VPC SC policy impacts. Option C monitors Resource Manager audit logs, which track administrative changes but not service access violations. Thus, B is the correct choice for validating the impact before enforcing the change.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You have two Google Cloud projects within a VPC Service Controls perimeter to prevent data exfiltration. A third project needs to be added to the perimeter, but this change may adversely affect the existing environment. How should you assess the potential impact before proceeding?
A
Enable Firewall Rules Logging inside the third project.
B
Modify the existing VPC Service Controls policy to include the new project in dry run mode.
C
Monitor the Resource Manager audit logs inside the perimeter.
D
Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.