Answer: Enable the dry run mode on your perimeter. Add your new access level to the perimeter dry run configuration. Update the perimeter configuration after the access level has been vetted.

Option D is correct because it leverages VPC Service Controls' dry run mode, which allows testing perimeter changes without affecting production traffic. The dry run configuration specifically enables monitoring of potential violations before enforcing changes, minimizing disruption and avoiding service breakage. Option C is incorrect as it suggests adding the access level directly to the perimeter configuration rather than the dry run configuration, which could cause immediate enforcement and potential disruptions. Option A creates unnecessary overhead by duplicating the perimeter. Option B's approach of using a 'never matches' access level and gradual updates is inefficient and increases the risk of misconfiguration. The community discussion strongly supports D with high upvotes and references to Google documentation on dry run mode for safely testing perimeter changes.

Author: LeetQuiz Editorial Team