
Answer-first summary for fast verification
Answer: Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project.
**Explanation:** Option D is the correct solution using IAM conditions.

**Why IAM Conditions are the right approach:**
- **Resource-level access control**: IAM directly controls access to Pub/Sub topics.
- **Project-based restrictions**: Can specify that only resources from project A can access the topic.
- **Future-proof**: Automatically prevents any new projects from accessing the topic.
- **Fine-grained control**: Can set conditions based on project, service account, or other attributes.

**Why other options don't work:**
- **Options A & C**: VPC Service Controls don't apply to Pub/Sub as it's not VPC-bound.
- **Option B**: Firewall rules control network traffic, not Pub/Sub topic access.

**IAM Implementation:**
- Use IAM conditions with the `resourcemanager.projects.id` attribute.
- Restrict access to only service accounts/users from project A.
- This provides the most direct and effective access control for Pub/Sub resources.
Author: LeetQuiz.
NO.25 Your organization has two Google Cloud projects, project A and project B. In project A, you have a Pub/Sub topic that receives data from confidential sources. Only the resources in project A should be able to access the data in that topic. You want to ensure that project B and any future project cannot access data in the project A topic. What should you do?
A
Configure VPC Service Controls in the organization with a perimeter around the VPC of project A.
B
Add firewall rules in project A so only traffic from the VPC in project A is permitted.
C
Configure VPC Service Controls in the organization with a perimeter around project A.
D
Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project.