Google Cloud Professional Cloud Network Engineer — Question 116
You have a Cloud Storage bucket in Google Cloud project XYZ. The bucket contains sensitive data. You need to design a solution to ensure that only instances belonging to VPCs under project XYZ can access the data stored in this Cloud Storage bucket. What should you do?
Answer options
- A. Configure Private Google Access to privately access the Cloud Storage service using private IP addresses.
- B. Configure a VPC Service Controls perimeter around project XYZ, and include storage.googleapis.com as a restricted service in the service perimeter.
- C. Configure Cloud Storage with projectPrivate Access Control List (ACL) that gives permission to the project team based on their roles.
- D. Configure Private Service Connect to privately access Cloud Storage from all VPCs under project XYZ.
Correct answer: B
Explanation
The correct answer is B. A VPC Service Controls perimeter around project XYZ, with storage.googleapis.com included as a restricted service, blocks requests to the bucket that originate outside the perimeter, so only instances in VPCs belonging to project XYZ can reach the data. Option A (Private Google Access) only changes how instances reach Google APIs (over private IP addresses) and does not restrict which callers can access the bucket. Option C (a projectPrivate ACL) controls access by identity and role, not by the network the request comes from. Option D (Private Service Connect) provides private connectivity to Cloud Storage but does not enforce a perimeter. Neither C nor D ensures that only instances from the specified project can access the data.