Your organization is adopting Google Cloud and needs to ensure sensitive resources are accessible only from devices within the internal corporate network or from employees connecting via a company-managed VPN. You must configure Access Context Manager to enforce this within a specific project inside an existing service perimeter. The network ranges to allow are:

Internal corporate network: 10.100.0.0/16 and 192.168.0.0/16

Company VPN pool: 172.16.0.0/20

What should you do?

Exam-Like

Create an access level named "Authorized Devices." Utilize the Device Policy attribute to require corporate-managed devices. Apply the access level to the Google Cloud project and instruct all employees to enroll their devices in the organization's management system.

Create an access level titled "Internal Network Only." Add a condition with these attributes: • IP Subnetworks: 10.100.0.0/16, 192.168.0.0/16 • Device Policy: Require OS as Windows or macOS. Apply this access level to the sensitive Google Cloud project.

Create an access level titled "Corporate Access." Add a condition with the IP Subnetworks attribute, including the ranges: 10.100.0.0/16, 192.168.0.0/16, 172.16.0.0/20. Assign this access level to a service perimeter encompassing the sensitive project.

Create a new IAM role called "InternalAccess. Add the IP ranges 10.100.0.0/16, 192.16.0.0/16, and 172.16.0.0/20 to the role as an IAM condition. Assign this role to IAM groups corresponding to on-premises and VPN users. Grant this role the necessary permissions on the resource within this sensitive Google Cloud project.

Google Professional Cloud Security Engineer

Comments

Get started today