Challenge - 5 Problems

🎖️

Access Context Manager Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

2:00remaining

Understanding Access Context Manager Perimeter Behavior

You have created an Access Context Manager service perimeter around your Google Cloud projects to restrict data access. What happens if a user tries to access a resource inside the perimeter from a device that is not compliant with the defined access level?

AThe access request is allowed but logged for auditing purposes only.

BThe access request is denied because the device does not meet the access level requirements.

CThe access request is allowed without any restrictions since the user is authenticated.

DThe access request is redirected to a VPN to meet compliance requirements.

Attempts:

2 left

❓ Configuration

intermediate

2:00remaining

Configuring an Access Level with Device Policy

You want to create an Access Level that only allows access from devices that are encrypted and have a screen lock enabled. Which JSON snippet correctly defines this device policy in Access Context Manager?

A{ "devicePolicy": { "encryptionStatus": "ENCRYPTED", "screenLockRequired": true } }

B{ "devicePolicy": { "encryptionStatus": "UNENCRYPTED", "screenLockRequired": false } }

C{ "devicePolicy": { "encryptionStatus": "ENCRYPTED", "screenLockRequired": false } }

D{ "devicePolicy": { "encryptionStatus": "UNENCRYPTED", "screenLockRequired": true } }

Attempts:

2 left

❓ Architecture

advanced

2:30remaining

Designing a Secure Access Perimeter for Multiple Projects

You manage three Google Cloud projects with sensitive data. You want to create a single service perimeter that includes all three projects and restricts access to only users from your corporate network and compliant devices. Which architecture best achieves this?

ACreate a service perimeter including only one project and use VPN to connect the other projects securely.

BCreate separate service perimeters for each project with different access levels for each corporate subnet and device policy.

CUse firewall rules on each project to restrict IP ranges and rely on IAM roles for device compliance.

DCreate one service perimeter including all three projects and define an access level that combines IP subnet restrictions for the corporate network and device compliance policies.

Attempts:

2 left

❓ security

advanced

2:00remaining

Evaluating Access Context Manager's Response to Unauthorized Access

When a user outside the defined access levels tries to access a resource inside a service perimeter, what is the default behavior of Access Context Manager?

AThe request is blocked and the user receives a 403 Forbidden error.

BThe request is redirected to a login page for additional authentication.

CThe request is allowed but triggers an alert to the security team.

DThe request is queued until an administrator approves it.

Attempts:

2 left

❓ service_behavior

expert

3:00remaining

Analyzing Access Context Manager Behavior with Nested Service Perimeters

You have two service perimeters: Perimeter A includes Project 1 and Perimeter B includes Project 1 and Project 2. Both perimeters have different access levels. A user tries to access Project 1 resources. Which access level is enforced?

AThe access level of Perimeter B is enforced because it includes more projects.

BThe access level of Perimeter A is enforced because it is the smaller perimeter.

CThe more restrictive access level between Perimeter A and Perimeter B is enforced.

DNo access level is enforced due to overlapping perimeters causing conflict.

Attempts:

2 left