🔥 3-day streak
Professional Cloud Security Engineer144 / 152
Question 144 of 152
A financial services company has enabled a VPC Service Controls perimeter around a project that stores sensitive customer data in Cloud Storage and BigQuery. Compute Engine VMs inside the perimeter have no external IP addresses and must call Google APIs (storage.googleapis.com, bigquery.googleapis.com) without any traffic leaving Google's network or reaching the internet. The security team also wants to ensure that even if credentials leak, the APIs cannot be reached from outside the perimeter. Which network configuration ensures API access stays within the perimeter and cannot bypass VPC Service Controls?
Reviewed for accuracy · Report an issueNext question