
Answer-first summary for fast verification
Answer: Configure an egress rule for the Cloud Storage bucket in Perimeter-A and a corresponding ingress rule in Perimeter-B.
The correct answer is C because it best aligns with the requirements to minimize exfiltration risk, allow only required connections, and follow the principle of least privilege. Ingress and egress rules provide granular control by allowing specific data flows between service perimeters for defined resources, services, and identities, reducing the risk of unintended exposure. This approach is supported by Google Cloud documentation stating that ingress and egress rules can replace perimeter bridges for simplified and secure data exchange. While option A (perimeter bridge) is a valid mechanism, it may grant broader access than necessary, as perimeter bridges allow communication between entire perimeters or specified resources, potentially increasing exfiltration risk. Option B is overly broad, as it bridges entire projects, violating least privilege. Option D's bidirectional rule is unnecessary and less secure, as the data flow is unidirectional (from Perimeter-A to Perimeter-B). The community discussion shows strong support for C, with high upvotes and references to official documentation emphasizing granular control.
Author: LeetQuiz Editorial Team
Your organization has two VPC Service Controls service perimeters, Perimeter-A and Perimeter-B, in Google Cloud. You need to copy data from a Cloud Storage bucket inside Perimeter-A to another Cloud Storage bucket inside Perimeter-B. You must minimize exfiltration risk, only allow necessary connections, and adhere to the principle of least privilege. What should you do?
A. Configure a perimeter bridge between Perimeter-A and Perimeter-B, and specify the Cloud Storage buckets as the resources involved.
B. Configure a perimeter bridge between the projects hosting the Cloud Storage buckets in Perimeter-A and Perimeter-B.
C. Configure an egress rule for the Cloud Storage bucket in Perimeter-A and a corresponding ingress rule in Perimeter-B.
D. Configure a bidirectional egress/ingress rule for the Cloud Storage buckets in Perimeter-A and Perimeter-B.
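As an added illustration (not part of the original question or of Google's documentation), the two rule files that option C corresponds to. It assumes the copy job runs inside Perimeter-A as a dedicated service account, so reading the source bucket needs no rule at all; only the write into Perimeter-B crosses a boundary. The service account name and the project numbers are constructed. Note that VPC Service Controls rules are scoped to projects, services and API methods rather than to individual buckets, so "the bucket" in the answer is expressed as the project that hosts it plus the single Storage method the copy needs.

```yaml
# egress-a.yaml -- attached to Perimeter-A (constructed example)
# Allows only the copy job's identity to call one Storage method
# against the project in Perimeter-B that hosts the destination bucket.
- egressFrom:
    identities:
    - serviceAccount:copy-job@project-a.iam.gserviceaccount.com   # constructed identity
  egressTo:
    resources:
    - projects/222222222222            # constructed: destination project in Perimeter-B
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.create   # write objects only; no get/list/delete
---
# ingress-b.yaml -- attached to Perimeter-B (constructed example)
# Mirrors the egress rule: same identity, same single method, and the
# request must originate from the Perimeter-A project running the copy.
- ingressFrom:
    identities:
    - serviceAccount:copy-job@project-a.iam.gserviceaccount.com   # constructed identity
    sources:
    - resource: projects/111111111111   # constructed: source project in Perimeter-A
  ingressTo:
    resources:
    - projects/222222222222            # constructed: destination project in Perimeter-B
    operations:
    - serviceName: storage.googleapis.com
      methodSelectors:
      - method: google.storage.objects.create
```

The files are applied with `gcloud access-context-manager perimeters update Perimeter-A --set-egress-policies=egress-a.yaml --policy=POLICY_ID` and the equivalent `--set-ingress-policies=ingress-b.yaml` on Perimeter-B (POLICY_ID is a placeholder for your access policy). Staging them first with `gcloud access-context-manager perimeters dry-run update` lets you confirm in the audit logs that the copy succeeds and nothing else is newly allowed before enforcing. Because there is no rule in the reverse direction, nothing in Perimeter-B can write back into Perimeter-A, which is exactly the extra surface option D would have opened.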