PROFESSIONAL-CLOUD-ARCHITECT · Question #299
Question
To improve governance and security, your organization has structured the Google Cloud environment using folders for different business units. Each business unit folder has subfolders for development, staging, and production environments, which must comply with internal security controls:

- Production workloads must be protected from direct internet ingress by default unless explicitly tagged.
- The application must be accessible to customers over HTTPS.

You need to design a scalable and enforceable model that blocks internet ingress traffic to the production folders while selectively allowing direct HTTPS traffic to the necessary virtual machines. You must also ensure that individual project teams cannot overwrite these controls once they are implemented for all current and future production projects. What should you do?
Options
- A. At each production folder, apply a hierarchical firewall policy to deny all ingress except for HTTPS
- B. Mandate the application teams to deploy a Terraform module to create VPC firewall rules in each
- C. At the organization root, apply a hierarchical firewall policy to deny all ingress except for HTTPS
- D. At each production folder, use an organization policy to block all external IPs and require teams to