🔥 3-day streak
Professional Cloud Security Engineer101 / 152
Question 101 of 152

A financial services company runs all production workloads in a single GCP folder called 'prod'. A recent audit found that several Compute Engine VMs were created with external IP addresses, violating the company's policy that production instances must only be reachable through internal networking and Cloud NAT. The security team wants to prevent any future VM in the 'prod' folder from being assigned an external IP, while allowing developers in a separate 'sandbox' folder to continue using external IPs for testing. What is the most effective way to enforce this?

Reviewed for accuracy · Report an issueNext question