GCP, cloud, ~20 mins

VPC Service Controls in GCP - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding VPC Service Controls Perimeter Behavior

You have created a VPC Service Controls perimeter around your Google Cloud project to protect sensitive data. Which of the following statements best describes what happens when a request originates from outside the perimeter trying to access a protected service inside?

A. The request is blocked unless it originates from a resource inside the perimeter or from an authorized access level.
B. The request is always allowed but logged for auditing purposes.
C. The request is allowed if it uses a service account with the correct IAM role, regardless of origin.
D. The request is allowed only if it comes from a trusted IP address range configured in the perimeter.
💡 Hint

Think about how VPC Service Controls restrict access based on network boundaries and access levels.

Architecture
intermediate
Designing a VPC Service Controls Perimeter for Multi-Project Access

You have two Google Cloud projects: Project A and Project B. Both need to access a shared Cloud Storage bucket protected by a VPC Service Controls perimeter. How should you configure the perimeter to allow access from both projects?

A. Create a single perimeter that includes both Project A and Project B as protected resources.
B. Do not use perimeters; rely solely on IAM permissions for access control.
C. Create a perimeter only around Project A and grant IAM roles to Project B's service accounts.
D. Create separate perimeters for each project and link them with a service perimeter bridge.
💡 Hint

Consider how VPC Service Controls handle multiple projects needing shared access.

Security
advanced
Evaluating Access Levels in VPC Service Controls

You configured an access level using Access Context Manager to allow access only from devices with a specific security posture. Which of the following is a valid way to enforce this access level in your VPC Service Controls perimeter?

A. Use the access level only in IAM policies for service accounts accessing resources.
B. Attach the access level to the perimeter's ingress rules to restrict incoming requests.
C. Apply the access level as an egress rule to control outbound traffic from the perimeter.
D. Configure the access level as a firewall rule in the VPC network.
💡 Hint

Think about how access levels integrate with VPC Service Controls to restrict access.

Service Behavior
advanced
Impact of VPC Service Controls on Cloud Functions Invocations

You have deployed Cloud Functions inside a VPC Service Controls perimeter. What happens when an external client tries to invoke a Cloud Function protected by the perimeter without a proper access level?

A. The invocation is queued until the client gains the proper access level.
B. The Cloud Function executes but logs a warning about perimeter violation.
C. The invocation request is blocked and returns a 403 Forbidden error.
D. The Cloud Function executes normally because VPC Service Controls do not affect Cloud Functions.
💡 Hint

Consider how VPC Service Controls enforce perimeter boundaries on service invocations.

Best Practice
expert
Optimizing VPC Service Controls Perimeter for Least Privilege Access

You want to enforce least privilege access using VPC Service Controls for a sensitive BigQuery dataset. Which configuration best achieves this goal?

A. Create a perimeter including only the BigQuery service and restrict access with access levels based on user identity and device security.
B. Create a perimeter including all Google Cloud services and allow access from all internal IP ranges.
C. Use IAM roles only without creating a perimeter to simplify management.
D. Create a perimeter including BigQuery and Cloud Storage, allowing access from any Google-managed service account.
💡 Hint

Think about how to limit access to only what is necessary and secure.