Question-13: A virtual private network (VPN) is created by establishing a virtual point-to-point connection using dedicated connections, virtual tunneling protocols, or traffic encryption. VPN users gain access to the VPN by authenticating themselves with one of several methods, such as a password or a certificate. Your company is working on a project in Google Cloud that uses BigQuery as a data warehouse. It uses Cloud VPN to create a secure VPN tunnel connecting its on-premises environment to Google Cloud. The security team's goal is to prevent data exfiltration caused by malicious insiders, accidental oversharing, and compromised code. What options do they have?
A. Only allow on-premises access to Private Google Access after configuring it.
B. Carry out the steps listed below: 1. Create a new service account. 2. Grant the service account the BigQuery JobUser role and the Storage Reader role. 3. Remove all other IAM access to the project.
C. Set up Private Google Access and establish the VPC Service Controls.
D. Configure Private Google Access.
Correct Answer: 3
Explanation: VPC Service Controls improve your ability to reduce the risk of data exfiltration from Google Cloud services such as Cloud Storage and BigQuery. Therefore, the third choice is the best one. Option-3: VPC Service Controls adds an additional layer of security to Google Cloud services that works in conjunction with Identity and Access Management (IAM) but is separate from it. Through the on-premises extension of Private Google Access, private communication to Google Cloud services can be configured from inside VPC networks that span hybrid environments. This information may also be found in the GCP documentation at https://cloud.google.com/vpc-service-controls/docs/overview. Regarding data exfiltration by malicious insiders or compromised code: VPC Service Controls complement network egress controls by preventing clients within those networks from accessing the resources of Google-managed services that lie outside the perimeter.