As a security administrator, you need to prevent data exfiltration from multiple GCP projects under an "implementation" folder (used for dev, staging, and production workloads) without restricting communication between these projects. What is the recommended approach?

Exam-Like

Use a Shared VPC to enable communication between all projects, and use firewall rules to prevent data exfiltration.

Create access levels in Access Context Manager to prevent data exfiltration, and use a shared VPC for communication between projects.

Use an infrastructure-as-code software tool to set up a single service perimeter and to deploy a Cloud Function that monitors the "implementation" folder via Stackdriver and Cloud Pub/Sub. When the function notices that a new project is added to the folder, it executes Terraform to add the new project to the associated perimeter.

Use an infrastructure-as-code software tool to set up three different service perimeters for dev, staging, and prod and to deploy a Cloud Function that monitors the "implementation" folder via Stackdriver and Cloud Pub/Sub. When the function notices that a new project is added to the folder, it executes Terraform to add the new project to the respective perimeter.

Google Professional Cloud Security Engineer

Get started today

Comments

As a security administrator, you need to prevent data exfiltration from multiple GCP projects under an "implementation" folder (used for dev, staging, and production workloads) without restricting communication between these projects. What is the recommended approach?