
Answer-first summary for fast verification
Answer: Create a VPC Service Controls perimeter for your project with an access context policy that allows your corporate public network IP ranges.
The question requires securing API access to Cloud Storage and BigQuery by allowing access only from corporate public networks. VPC Service Controls perimeters are designed to restrict access to services based on defined conditions. Option B correctly uses a VPC Service Controls perimeter for the project, combined with an access context policy (access level) specifying corporate IP ranges. This ensures API access is restricted to the allowed IPs. Firewall rules (Option C) cannot control API access to managed services. Creating perimeters per VPC (Option D) is unnecessary, as the perimeter should encompass the entire project. Option A incorrectly suggests attaching the policy directly to services, which is not the standard approach for VPC Service Controls.
Author: LeetQuiz Editorial Team
To restrict API access to your Cloud Storage buckets and BigQuery datasets to only resources within your corporate public networks across multiple VPCs in a single project, what steps should you take?
A. Create an access context policy that allows your VPC and corporate public network IP ranges, and then attach the policy to Cloud Storage and BigQuery.
B. Create a VPC Service Controls perimeter for your project with an access context policy that allows your corporate public network IP ranges.
C. Create a firewall rule to block API access to Cloud Storage and BigQuery from unauthorized networks.
D. Create a VPC Service Controls perimeter for each VPC with an access context policy that allows your corporate public network IP ranges.