
Answer-first summary for fast verification
Answer: Create an access level titled "Corporate Access." Add a condition with the IP Subnetworks attribute, including the ranges: 10.100.0.0/16, 192.168.0.0/16, 172.16.0.0/20. Assign this access level to a service perimeter encompassing the sensitive project.
Option C is correct because it properly uses Access Context Manager to create an access level with the specified IP ranges (10.100.0.0/16, 192.168.0.0/16, and 172.16.0.0/20) and applies it to the existing service perimeter containing the sensitive project. This aligns with Google Cloud best practices for network-based access control using VPC Service Controls. Option A is incorrect as it focuses on device management rather than network restrictions. Option B is suboptimal because it unnecessarily restricts OS types and doesn't leverage the existing service perimeter. Option D is incorrect as it uses IAM roles with IP conditions, which is not the recommended approach for network-level access control through Access Context Manager.
Author: LeetQuiz Editorial Team
Your organization is adopting Google Cloud and needs to ensure sensitive resources are accessible only from devices within the internal corporate network or from employees connecting via a company-managed VPN. You must configure Access Context Manager to enforce this within a specific project inside an existing service perimeter. The network ranges to allow are:
What should you do?
A
Create an access level named "Authorized Devices." Utilize the Device Policy attribute to require corporate-managed devices. Apply the access level to the Google Cloud project and instruct all employees to enroll their devices in the organization's management system.
B
Create an access level titled "Internal Network Only." Add a condition with these attributes:
• IP Subnetworks: 10.100.0.0/16, 192.168.0.0/16
• Device Policy: Require OS as Windows or macOS.
Apply this access level to the sensitive Google Cloud project.
C
Create an access level titled "Corporate Access." Add a condition with the IP Subnetworks attribute, including the ranges: 10.100.0.0/16, 192.168.0.0/16, 172.16.0.0/20. Assign this access level to a service perimeter encompassing the sensitive project.
D
Create a new IAM role called "InternalAccess." Add the IP ranges 10.100.0.0/16, 192.16.0.0/16, and 172.16.0.0/20 to the role as an IAM condition. Assign this role to IAM groups corresponding to on-premises and VPN users. Grant this role the necessary permissions on the resource within this sensitive Google Cloud project.
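
The following is an added example, not part of the original quiz or any Google tooling: a pre-deployment check that diffs the ranges written in options B, C and D against the required ranges from the answer explanation. It models CIDR arithmetic only, not how Access Context Manager evaluates a request, and the function names are hypothetical.

```python
import ipaddress

# Required ranges, as stated in the page's answer explanation.
REQUIRED = ["10.100.0.0/16", "192.168.0.0/16", "172.16.0.0/20"]

# Range lists exactly as written in options B, C and D on this page.
OPTIONS = {
    "B": ["10.100.0.0/16", "192.168.0.0/16"],
    "C": ["10.100.0.0/16", "192.168.0.0/16", "172.16.0.0/20"],
    "D": ["10.100.0.0/16", "192.16.0.0/16", "172.16.0.0/20"],
}

def _nets(cidrs):
    """Parse CIDR strings (host bits must be zero) and merge overlaps."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))

def _subtract(left, right):
    """Return the parts of the `left` networks not covered by any `right` network."""
    remaining = list(left)
    for r in right:
        nxt = []
        for net in remaining:
            if net.subnet_of(r):
                continue                            # fully covered: drop
            if r.subnet_of(net):
                nxt.extend(net.address_exclude(r))  # carve r out of net
            else:
                nxt.append(net)                     # CIDR blocks are nested or disjoint
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))

def compare(required, configured):
    """Report required space left uncovered and configured space beyond what is required."""
    req, cfg = _nets(required), _nets(configured)
    return {
        "missing": [str(n) for n in _subtract(req, cfg)],  # legitimate clients denied
        "extra": [str(n) for n in _subtract(cfg, req)],    # unintended sources allowed
    }

if __name__ == "__main__":
    for name, cidrs in OPTIONS.items():
        print(name, compare(REQUIRED, cidrs))
```

Only option C's list produces an empty diff in both directions; a non-empty "missing" or "extra" list is the signal to correct a range list before it is attached to a perimeter.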