Google Cloud Professional Cloud Security Engineer — Question 165

You manage multiple internal-only applications that are hosted within different Google Cloud projects. You are deploying a new application that requires external internet access. To maintain security, you want to clearly separate this new application from internal systems. Your solution must have effective security isolation for the new externally-facing application. What should you do?

Answer options

• A. Deploy the application within the same project as an internal application. Use a Shared VPC model to manage network configurations.
• B. Place the application in the same project as an existing internal application, and adjust firewall rules to allow external traffic.
• C. Create a VPC Service Controls perimeter, and place the new application’s project within that perimeter.
• D. Create a new project for the application, and use VPC Network Peering to access necessary resources in the internal projects.

Correct answer: C

Explanation

The correct answer is C because creating a VPC Service Controls perimeter provides a strong security boundary for the new application, ensuring it remains isolated from internal applications. Options A and B do not provide the necessary isolation and may expose internal systems to potential vulnerabilities. Option D, while creating a new project, does not specifically address the security controls needed for external-facing applications.