Google Cloud Professional Cloud Database Engineer — Question 78
Your project is using Bigtable to store data that should not be accessed from the public internet under any circumstances, even if the requestor has a valid service account key. You need to secure access to this data. What should you do?
Answer options
- A. Use Identity and Access Management (IAM) for Bigtable access control.
- B. Use VPC Service Controls to create a trusted network for the Bigtable service.
- C. Use customer-managed encryption keys (CMEK).
- D. Use Google Cloud Armor to add IP addresses to an allowlist.
Correct answer: B
Explanation
The correct answer is B because VPC Service Controls let you define a security perimeter around your resources, so requests to Bigtable that originate outside the perimeter, including from the public internet, are denied even when the requestor holds a valid service account key. Options A and C do not restrict access based on network location, and option D focuses on allowing specific IP addresses rather than fully restricting access from the internet.