ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 290 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 290
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You are implementing communications restrictions for specific services in your Google Cloud organization. Your data analytics team works in a dedicated folder. You need to ensure that access to BigQuery is controlled for that folder and its projects. The data analytics team must be able to control the restrictions only at the folder level. What should you do?

  • A. Create an organization-level access policy with a service perimeter to restrict BigQuery access. Assign the data analytics team the Access Context Manager Editor role on the access policy to allow the team to configure the access policy.
  • B. Create a scoped policy on the folder with a service perimeter to restrict BigQuery access. Assign the data analytics team the Access Context Manager Editor role on the scoped policy to allow the team to configure the scoped policy.
  • C. Define a hierarchical firewall policy on the folder to deny BigQuery access. Assign the data analytics team the Compute Organization Firewall Policy Admin role to allow the team to configure rules for the firewall policy.
  • D. Enforce the Restrict Resource Service Usage organization policy constraint on the folder to restrict BigQuery access. Assign the data analytics team the Organization Policy Administrator role to allow the team to manage exclusions within the folder.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by yokoyan at Sept. 6, 2024, 1:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pime13
4 months, 3 weeks ago
Selected Answer: B
This approach allows you to apply a service perimeter specifically to the folder, ensuring that BigQuery access is controlled at the desired level. By assigning the Access Context Manager Editor role to the data analytics team, you enable them to manage the scoped policy as needed.
upvoted 1 times
...
MoAk
5 months ago
Selected Answer: B
B is good.
upvoted 1 times
...
KLei
5 months, 1 week ago
Selected Answer: B
Scoped Policy: A scoped policy allows you to apply restrictions specifically to a folder and its projects Service Perimeter: By using a service perimeter, you can define which services (like BigQuery) can be accessed from within the specified folder.
upvoted 1 times
...
yokoyan
7 months, 3 weeks ago
Selected Answer: B
I think it's B.
upvoted 3 times
json4u
6 months, 2 weeks ago
I think using a service perimeter is key.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago