🔥 3-day streak
Professional Cloud Security Engineer135 / 152
Question 135 of 152

A retail company uses a Shared VPC where the network team owns the host project and application teams deploy Compute Engine instances into attached service projects. The security team wants application teams to be able to target their own VM instances with firewall rules WITHOUT granting them the ability to create or modify firewall rules directly, and without relying on network tags that any instance owner could freely apply. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question