Google Cloud Professional Cloud Security Engineer — Question 94
You need to create a VPC that enables your security team to control network resources such as firewall rules. How should you configure the network to allow for separation of duties for network resources?
Answer options
- A. Set up multiple VPC networks, and set up multi-NIC virtual appliances to connect the networks.
- B. Set up VPC Network Peering, and allow developers to peer their network with a Shared VPC.
- C. Set up a VPC in a project. Assign the Compute Network Admin role to the security team, and assign the Compute Admin role to the developers.
- D. Set up a Shared VPC where the security team manages the firewall rules, and share the network with developers via service projects.
Correct answer: D
Explanation
Option D is correct: with a Shared VPC, the security team manages the firewall rules while developers use the network through service projects. Option A does not address the need for separation of duties, and option B does not give the security team adequate control. Option C assigns roles but does not provide the shared management structure needed for effective collaboration.