ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 113 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 113
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?

  • A. Enable Firewall Rules Logging inside the third project.
  • B. Modify the existing VPC Service Controls policy to include the new project in dry run mode.
  • C. Monitor the Resource Manager audit logs inside the perimeter.
  • D. Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by AzureDP900 at Dec. 1, 2022, 2:06 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nosense
Highly Voted 1 year, 11 months ago
Selected Answer: B
Looks like b https://cloud.google.com/vpc-service-controls/docs/dry-run-mode
upvoted 7 times
...
ZODOGAM
Most Recent 7 months ago
It's B
upvoted 1 times
...
pk349
1 year, 9 months ago
• B. Modify the existing VPC ***** Service Controls policy to include the new project in dry run mode. Dry run mode for Service Perimeters When using VPC Service Controls, it can be difficult to determine the impact to your environment when a service perimeter is created or modified. With dry run mode, you can better understand the impact of enabling VPC Service Controls and changes to perimeters in existing environments. In dry run mode, requests that violate the perimeter policy are not denied, only logged. Dry run mode is used to test perimeter configuration and to monitor usage of services without preventing access to resources. Common use cases include: • Determining the impact that changes to existing service ***** perimeters will have. • Previewing the impact that new service perimeters will have.
upvoted 3 times
...
jitu028
1 year, 10 months ago
Correct answer - B https://cloud.google.com/vpc-service-controls/docs/dry-run-mode#:~:text=With%20dry%20run%20mode%2C%20you%20can%20better%20understand%20the%20impact%20of%20enabling%20VPC%20Service%20Controls%20and%20changes%20to%20perimeters%20in%20existing%20environments.
upvoted 2 times
...
AzureDP900
1 year, 11 months ago
B is right answer n dry run mode, requests that violate the perimeter policy are not denied, only logged. Dry run mode is used to test perimeter configuration and to monitor usage of services without preventing access to resources. Common use cases include: Determining the impact that changes to existing service perimeters will have. Previewing the impact that new service perimeters will have. Monitoring requests to protected services that originate from outside a service perimeter. For example, seeing where requests to a given service are coming from, or to identify unexpected service usage in your organization. In your development environments, creating an analogous perimeter architecture to your production environment. This allows you to identify and mitigate any issues that will be caused by your service perimeters before pushing changes to your production environment. Service perimeters can exist using dry run mode exclusively. You can also have service perimeters that use a hybrid of enforced and dry run modes. https://cloud.google.com/vpc-service-controls/docs/dry-run-mode
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago