Google Cloud Professional Cloud Network Engineer — Question 135
Your organization has a single project that contains multiple Virtual Private Clouds (VPCs). You need to secure API access to your Cloud Storage buckets and BigQuery datasets by allowing API access only from resources in your corporate public networks. What should you do?
Answer options
- A. Create an access context policy that allows your VPC and corporate public network IP ranges, and then attach the policy to Cloud Storage and BigQuery.
- B. Create a VPC Service Controls perimeter for your project with an access context policy that allows your corporate public network IP ranges.
- C. Create a firewall rule to block API access to Cloud Storage and BigQuery from unauthorized networks.
- D. Create a VPC Service Controls perimeter for each VPC with an access context policy that allows your corporate public network IP ranges.
Correct answer: B
Explanation
The correct answer is B because a VPC Service Controls perimeter created for the project manages access to its resources more effectively, and its access context policy defines the allowed IP ranges of your corporate network. Option A is incorrect because it does not focus on the perimeter setup. Option C may block unwanted access, but it does not specifically allow access from the desired networks. Option D is also incorrect because creating a separate perimeter for each VPC unnecessarily complicates the setup.