Google Cloud Professional Cloud Architect — Question 222

Your team plans to use Vertex AI to develop and deploy machine learning models for various use cases for fraud detection, product recommendations, and customer churn prediction. You want to enhance the security posture of the Vertex AI and Workbench environment by restricting data exfiltration. What should you do?

Answer options

• A. Enable Private Google Access for the VPC network to allow Vertex AI services to access public Google services without traversing the public internet.
• B. Enable VPC Flow Logs to monitor network traffic to and from Vertex AI services and to identify suspicious activity.
• C. Create a service perimeter and include ml.googleapis.com and document.googleapis.com as protected services.
• D. Create a service perimeter and include aiplatform.googleapis.com and notebooks.googleapis.com as protected services.

Correct answer: D

Explanation

The correct answer is D because establishing a service perimeter with aiplatform.googleapis.com and notebooks.googleapis.com as protected services helps prevent unauthorized data access and exfiltration. Options A and B, while beneficial for security monitoring and access management, do not specifically address data exfiltration. Option C includes services that are not directly related to the core functionalities of Vertex AI in this context.