Google Cloud Professional Cloud Security Engineer — Question 277

You want to update your existing VPC Service Controls perimeter with a new access level. You need to avoid breaking the existing perimeter with this change, and ensure the least disruptions to users while minimizing overhead. What should you do?

Answer options

• A. Create an exact replica of your existing perimeter. Add your new access level to the replica. Update the original perimeter after the access level has been vetted.
• B. Update your perimeter with a new access level that never matches. Update the new access level to match your desired state one condition at a time to avoid being overly permissive.
• C. Enable the dry run mode on your perimeter. Add your new access level to the perimeter configuration. Update the perimeter configuration after the access level has been vetted.
• D. Enable the dry run mode on your perimeter. Add your new access level to the perimeter dry run configuration. Update the perimeter configuration after the access level has been vetted.

Correct answer: D

Explanation

The correct answer is D because enabling dry run mode allows you to safely test the new access level without affecting the live environment. This minimizes risk and disruption to users while ensuring that the new configuration can be vetted before final implementation. Options A, B, and C do not provide the same level of safety and testing as option D, which could lead to potential issues in the production environment.