
Answer-first summary for fast verification
Answer: Set up a Shared VPC where the security team manages the firewall rules, and share the network with developers via service projects.
The question requires configuring a VPC to enable separation of duties, specifically allowing the security team to control network resources like firewall rules while developers can still use the network. Option D (Shared VPC) is optimal because it centralizes network management in a host project managed by the security team, who can enforce firewall rules, while developers work in service projects that inherit the network configuration. This aligns with Google Cloud best practices for separation of duties. Option A (multiple VPCs with multi-NIC appliances) is complex and doesn't centralize control. Option B (VPC Network Peering) allows connectivity but doesn't centralize firewall management. Option C (single VPC with role assignments) grants developers the Compute Admin role, which includes broad network permissions, undermining separation of duties. The community discussion unanimously supports D with high upvotes, emphasizing its effectiveness for centralized security control.
Author: LeetQuiz Editorial Team
You need to create a VPC that allows your security team to manage network resources like firewall rules. How should you structure the network to enforce separation of duties for these network resources?
A
Set up multiple VPC networks, and set up multi-NIC virtual appliances to connect the networks.
B
Set up VPC Network Peering, and allow developers to peer their network with a Shared VPC.
C
Set up a VPC in a project. Assign the Compute Network Admin role to the security team, and assign the Compute Admin role to the developers.
D
Set up a Shared VPC where the security team manages the firewall rules, and share the network with developers via service projects.
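Option D expressed as an added Terraform example (not part of the original question or the LeetQuiz explanation): the host project holds the network and firewall rules, the security team gets firewall control there, and developers only receive subnet-use rights from their service project. Project IDs, group addresses, region and CIDR are placeholders.

```hcl
resource "google_compute_shared_vpc_host_project" "host" {
  project = "net-host-project-id" # placeholder; owned by the security team
}
resource "google_compute_shared_vpc_service_project" "dev" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = "app-dev-project-id" # placeholder; owned by developers
}

# The VPC and its subnets exist only in the host project.
resource "google_compute_network" "shared" {
  project                 = google_compute_shared_vpc_host_project.host.project
  name                    = "shared-vpc"
  auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "app" {
  project       = google_compute_network.shared.project
  name          = "app-subnet"
  region        = "us-central1"
  network       = google_compute_network.shared.id
  ip_cidr_range = "10.10.0.0/24"
}

# Security team: Compute Security Admin carries compute.firewalls.*;
# Compute Network Admin does not, so the two duties stay separable.
resource "google_project_iam_member" "security_firewall_admin" {
  project = google_compute_network.shared.project
  role    = "roles/compute.securityAdmin"
  member  = "group:network-security@example.com"
}
# Developers: may attach VMs to this subnet, but cannot touch firewall rules.
resource "google_compute_subnetwork_iam_member" "dev_network_user" {
  project    = google_compute_subnetwork.app.project
  region     = google_compute_subnetwork.app.region
  subnetwork = google_compute_subnetwork.app.name
  role       = "roles/compute.networkUser"
  member     = "group:app-developers@example.com"
}

# Firewall rules are host-project resources; developer VMs opt in via the tag.
resource "google_compute_firewall" "ssh_from_iap" {
  project       = google_compute_network.shared.project
  name          = "allow-ssh-from-iap"
  network       = google_compute_network.shared.name
  source_ranges = ["35.235.240.0/20"] # Google's IAP TCP-forwarding range
  target_tags   = ["ssh-via-iap"]
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}
```

Developers still need their usual Compute roles inside the service project to create VMs; none of those grants are made in the host project, which is what keeps firewall administration with the security team.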