Google Professional Data Engineer

Get started today

Ultimate access to all questions.

NO.25 Your organization has two Google Cloud projects, project A and project B. In project A, you have a Pub/Sub topic that receives data from confidential sources. Only the resources in project A should be able to access the data in that topic. You want to ensure that project B and any future project cannot access data in the project A topic. What should you do?

Real Exam

Community

LLeetQuiz

Explanation:

Option D is the correct solution using IAM conditions:

Why IAM Conditions are the right approach:

Resource-level access control - IAM directly controls access to Pub/Sub topics
Project-based restrictions - Can specify that only resources from project A can access
Future-proof - Automatically prevents any new projects from accessing
Fine-grained control - Can set conditions based on project, service account, or other attributes

Why other options don't work:

Option A & C: VPC Service Controls don't apply to Pub/Sub as it's not VPC-bound
Option B: Firewall rules control network traffic, not Pub/Sub topic access

IAM Implementation:

Use IAM conditions with resourcemanager.projects.id attribute
Restrict access to only service accounts/users from project A
This provides the most direct and effective access control for Pub/Sub resources

Powered ByGPT-5.2

Comments

Loading comments...