GCP-PCA
Designing for security and compliance
hard
Question 4 of 36

A company wants sensitive Google-managed services reachable only from trusted networks, including its hybrid landing zone, while reducing data exfiltration risk. Which design best fits?

AOnly grant predefined IAM roles on each project
BUse VPC Service Controls service perimeters and extend private access from hybrid networks with Private Google Access on-premises extensions
CExpose services on the public internet and rely on passwords
DUse Cloud Interconnect without any perimeter controls

More Designing for security and compliance Questions

36 questions

Full Google Cloud Professional Cloud Architect Practice Test

All topics covered

All Google Cloud Professional Cloud Architect Questions

Browse by topic

Related Questions

Which IAM role type should generally not be used in production because it is highly permissive and p...

easy

If you grant an IAM role on a folder, what happens to projects and resources inside that folder?...

easy

An application needs a managed service to store database passwords and API keys with versioning, rol...

medium

A security team wants an extra layer of defense that helps prevent data exfiltration from Cloud Stor...

medium

A company wants a central authorization layer for internal HTTPS applications instead of depending o...

medium
View all Designing for security and compliance questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account