PROFESSIONAL-CLOUD-SECURITY-ENGINEER · Question #281
PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #281: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to reveal the answer and full explanation for question #281. The question stem and answer options stay visible for context.
Question
Your organization utilizes Cloud Run services within multiple projects underneath the non- production folder which requires primarily internal communication. Some services need external access to approved fully qualified domain names (FQDN) while other external traffic must be blocked. Internal applications must not be exposed. You must achieve this granular control with allowlists overriding broader restrictions only for designated VPCs. What should you do?
Options
- AImplement a global-level allowlist rule for the necessary FQDNs within a hierarchical firewall
- BCreate a folder-level deny-all rule for outbound traffic within a hierarchical firewall policy. Define
- CCreate a project-level deny-all rule within a hierarchical structure and apply it broadly. Override
- DConfigure Cloud NAT with IP-based filtering to permit outbound traffic only to the allowlist d
Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-SECURITY-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-SECURITY-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.