Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Database Engineer All Questions

View all questions & answers for the Professional Cloud Database Engineer exam
Go to Exam

Exam Professional Cloud Database Engineer topic 1 question 91 discussion

Actual exam question from Google's Professional Cloud Database Engineer
Question #: 91
Topic #: 1
[All Professional Cloud Database Engineer Questions]

Your project is using Bigtable to store data that should not be accessed from the public internet under any circumstances, even if the requestor has a valid service account key. You need to secure access to this data. What should you do?

  • A. Use Identity and Access Management (IAM) for Bigtable access control.
  • B. Use VPC Service Controls to create a trusted network for the Bigtable service.
  • C. Use customer-managed encryption keys (CMEK).
  • D. Use Google Cloud Armor to add IP addresses to an allowlist.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by pk349 at Dec. 24, 2022, 11:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Zek
5 days, 10 hours ago
B While IAM enables granular identity-based access control, VPC Service Controls enables broader context-based perimeter security, including controlling data egress across the perimeter. We recommend using both VPC Service Controls and IAM for defense in depth. https://cloud.google.com/vpc-service-controls/docs/overview#how-vpc-service-controls-works
upvoted 1 times
...
dynamic_dba
1 year, 8 months ago
B. A is wrong because you might have the right credentials but still access Bigtable across the internet. Same is true for C. Cloud Armor could help, but VPC Service Controls is a classic use case of ensuring access is only from within certain VPC networks. From Google’s documentation, “Users can define a security perimeter around Google Cloud resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to constrain data within a VPC and control the flow of data.” https://cloud.google.com/vpc-service-controls
upvoted 3 times
...
chelbsik
1 year, 11 months ago
Selected Answer: B
I'll go for B
upvoted 4 times
...
pk349
1 year, 11 months ago
B: Use VPC Service Controls to create a trusted network for the Bigtable service.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel