Your organization uses Cloud Run services in multiple projects under a non-production folder. These services primarily communicate internally, but some require external access to specific approved FQDNs while blocking all other external traffic. Internal applications must not be exposed externally. You need to implement granular control where allowlists for specific FQDNs override broader restrictions, but only within designated VPCs. What should you do? | Google Professional Cloud Security Engineer Quiz