Google Sample Question 5 of 27

Your organization has two Google Cloud projects, project A and project B. In project A, you have a Pub/Sub topic that receives data from confidential sources. Only the resources in project A should be able to access the data in that topic. You want to ensure that project B and any future project cannot access data in the project A topic. What should you do?

Source: Google Cloud OFFICIAL

Official sample question published by Google Cloud. WiseOwlLearns is not affiliated with Google LLC.

All explanations and Option Analyzer™ content are generated by WiseOwlLearns and are not endorsed by Google Cloud.

A Configure VPC Service Controls in the organization with a perimeter around project A. ✓ Correct
B Configure VPC Service Controls in the organization with a perimeter around the VPC of project A.
C Add firewall rules in project A so only traffic from the VPC in project A is permitted.
D Use Identity and Access Management conditions to ensure that only users and service accounts in project A can access resources in project A.
🦉 Explanation by WiseOwl Tutor™ — not endorsed by Google

A is correct because the problem is avoiding data exfiltration from project A, and that's what VPC-SC is for (and Pub/Sub is one of the products supported by VPC-SC). B is not correct because that would have no effect preventing the access to Pub/Sub, since it is a serverless product. C is not correct because Pub/Sub is a serverless product, and firewall rules will have no effect. D is not correct because IAM conditions are not supported in Pub/Sub, and project id is not one of the conditions that can be used. Also, users don't belong to projects, so there is no way to select only users in project A.

Ready to practice?

These 27 official sample questions are free to practice on WiseOwlLearns — no account required. Get real-time tutoring from WiseOwl Tutor™ and step-by-step elimination reasoning from Option Analyzer™.

Start Practicing Free View Professional Data Engineer Course →