Which of the following is the correct way to define a VPC Service Controls perimeter in a YAML configuration?

Easy · Configuration · Q12 of 15
GCP - Cloud IAM Advanced
A.
    perimeterType: 'NETWORK_PERIMETER'
    resources:
      - projects/project-123
    restrictedServices:
      - storage.googleapis.com
    enforce: true

B.
    perimeterType: 'SERVICE_PERIMETER'
    resources:
      - projects/project-123
    restrictedServices:
      - storage.googleapis.com
    allowAll: true

C.
    perimeterType: 'SERVICE_PERIMETER'
    resources:
      - projects/project-123
    restrictedServices:
      - compute.googleapis.com
    enforce: false

D.
    perimeterType: 'SERVICE_PERIMETER'
    resources:
      - projects/project-123
    restrictedServices:
      - storage.googleapis.com
    enforce: true

Step-by-Step Solution
Solution:
  1. Step 1: Identify correct perimeter type and enforcement

    VPC Service Controls uses 'SERVICE_PERIMETER' as the perimeterType and enforce: true to activate restrictions.
  2. Step 2: Check restricted services and resource format

    Restricted services should list Google Cloud APIs like storage.googleapis.com, and resources should be project IDs.
  3. Final Answer:

    perimeterType: 'SERVICE_PERIMETER' with enforce: true and correct resources -> Option D
  4. Quick Check:

    Correct perimeterType and enforce true =

        perimeterType: 'SERVICE_PERIMETER'
        resources:
          - projects/project-123
        restrictedServices:
          - storage.googleapis.com
        enforce: true

    [OK]
Quick Trick: SERVICE_PERIMETER with enforce: true is required for VPC SC [OK]
Common Mistakes:
  • Using NETWORK_PERIMETER instead of SERVICE_PERIMETER
  • Setting enforce to false, which disables the perimeter
  • Using allowAll instead of enforce
