
Answer-first summary for fast verification
Answer: Create a new project for the application, and use VPC Network Peering to access necessary resources in the internal projects.
The question emphasizes the need for 'effective security isolation' between the new external-facing application and existing internal-only applications. Option D is optimal because creating a new project ensures complete resource, IAM, and network configuration separation, minimizing the risk of accidental exposure or lateral movement. VPC Network Peering allows controlled access to internal resources while maintaining isolation. Option C (VPC Service Controls) is less suitable as it primarily prevents data exfiltration via API calls but does not provide network-level isolation, which is critical for an external-facing app. Options A and B are inadequate as they place the external app in the same project as internal apps, increasing security risks. Community discussion supports D with higher consensus (64% vs. 36% for C) and detailed reasoning highlighting project-level isolation as foundational for security.
Author: LeetQuiz Editorial Team
You are deploying a new external-facing application in Google Cloud that requires internet access. To maintain security isolation from your existing internal-only applications hosted in other projects, what should you do?
A. Deploy the application within the same project as an internal application. Use a Shared VPC model to manage network configurations.
B. Place the application in the same project as an existing internal application, and adjust firewall rules to allow external traffic.
C. Create a VPC Service Controls perimeter, and place the new application’s project within that perimeter.
D. Create a new project for the application, and use VPC Network Peering to access necessary resources in the internal projects.