Google Cloud Professional Cloud Security Engineer — Question 218
Your organization has established a highly sensitive project within a VPC Service Controls perimeter. You need to ensure that only users meeting specific contextual requirements, such as having a company-managed device, a specific location, and a valid user identity, can access resources within this perimeter. You want to evaluate the impact of this change without blocking legitimate access. What should you do?
Answer options
- A. Establish a Context-Aware Access policy that specifies the required contextual attributes, and associate the policy with the VPC Service Controls perimeter in dry run mode.
- B. Use the VPC Service Control Violation dashboard to identify the impact of details about access denials by service perimeters.
- C. Configure a VPC Service Controls perimeter in dry run mode, and enforce strict network segmentation using firewall rules. Use multi-factor authentication (MFA) for user verification.
- D. Use Cloud Audit Logs to monitor user access to the project resources. Use post-incident analysis to identify unauthorized access attempts.
Correct answer: A
Explanation
The correct answer is A because establishing a Context-Aware Access policy and associating it with the perimeter in dry run mode allows you to evaluate the impact of the policy without denying legitimate access. Option B focuses on identifying access denials but does not help in evaluating contextual access requirements. Option C suggests configuring a perimeter in dry run mode but adds unnecessary complexity with strict network segmentation and MFA, which are not required for the evaluation. Option D is reactive and does not prevent unauthorized access proactively.