You have a Google Cloud organization that distributes administrative capabilities by providing each team with a project and the Owner role (roles/owner). The organization contains thousands of projects. Security Command Center Premium is reporting multiple `OPEN_MYSQL_PORT` findings. You need to enforce guardrails to prevent these common misconfigurations.

What should you do?

Exam-Like

Create a hierarchical firewall policy configured at the organization to deny all connections from 0.0.0.0/0.

Create a hierarchical firewall policy configured at the organization to allow connections only from internal IP ranges.

Create a Google Cloud Armor security policy to deny traffic from 0.0.0.0/0.

Create a firewall rule for each virtual private cloud (VPC) to deny traffic from 0.0.0.0/0 with priority 0.

Google Professional Cloud Security Engineer