Google Cloud Professional Data Engineer — Question 152
Your organization has two Google Cloud projects, project A and project B. In project A, you have a Pub/Sub topic that receives data from confidential sources. Only the resources in project A should be able to access the data in that topic. You want to ensure that project B and any future project cannot access data in the project A topic. What should you do?
Answer options
- A. Add firewall rules in project A so only traffic from the VPC in project A is permitted.
- B. Configure VPC Service Controls in the organization with a perimeter around project A.
- C. Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project A.
- D. Configure VPC Service Controls in the organization with a perimeter around the VPC of project A.
Correct answer: B
Explanation
The correct answer is B because VPC Service Controls allow you to create a security perimeter around your resources, effectively preventing access from outside projects. Option A is incorrect as firewall rules do not control access to Pub/Sub topics. Option C does not provide a comprehensive solution for preventing access from other projects, and option D is similar to B but focuses on the VPC rather than the project itself.