Google Cloud Professional Cloud Security Engineer — Question 61
You are troubleshooting access denied errors between Compute Engine instances connected to a Shared VPC and BigQuery datasets. The datasets reside in a project protected by a VPC Service Controls perimeter. What should you do?
Answer options
- A. Add the host project containing the Shared VPC to the service perimeter.
- B. Add the service project where the Compute Engine instances reside to the service perimeter.
- C. Create a service perimeter between the service project where the Compute Engine instances reside and the host project that contains the Shared VPC.
- D. Create a perimeter bridge between the service project where the Compute Engine instances reside and the perimeter that contains the protected BigQuery datasets.
Correct answer: A
Explanation
The correct answer is A. The Compute Engine instances send their traffic over the Shared VPC network, and that network belongs to the host project, so adding the host project to the service perimeter allows the instances to access the BigQuery datasets without being blocked by VPC Service Controls. The other options either do not address the access issue or create unnecessary complexity without solving the underlying problem.