Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

You are deploying hundreds of ephemeral projects via a new infrastructure CI/CD pipeline to allow users to interact with Google Cloud. You need to prevent the use of default networks across your organization while adhering to Google-recommended practices. What should you do?

Exam-Like

Enable the constraints/compute.skipDefaultNetworkCreation organization policy constraint at the organization level.

Create a cron job to trigger a daily Cloud Function to automatically delete all default networks for each project.

Comments

Loading comments...

Grant your users the IAM Owner role at the organization level. Create a VPC Service Controls perimeter around the project that restricts the compute.googleapis.com API.

Only allow your users to use your CI/CD pipeline with a predefined set of infrastructure templates they can deploy to skip the creation of the default networks.