Home › GCP Professional Cloud Architect › cloudcomputing › gcppcasecurity › Which GCP control lets an architect define a sec…
Which GCP control lets an architect define a security perimeter around managed services (e.g. BigQuery, Cloud Storage) and prevent data exfiltration to outside projects/networks?
AVPC Service Controls
BCloud Armor (WAF)
CCloud Memorystore
DCloud DNS
Answer & Solution
Correct answer: A. VPC Service Controls
VPC Service Controls create service perimeters to prevent exfiltration (per the exam guide §3.1). Armor is WAF; DNS/Memorystore aren't perimeters.
Related questions
Which GCP compliance design feature gives an architect audit-grade tamper-evident logs of Which GCP design principle separates production deploy permissions from production data-reWhich Chrome Enterprise feature gives administrators device-aware policies and threat protWhich GCP IAM feature lets a less-privileged user temporarily assume the identity of a morWhich GCP feature lets an architect protect generative-AI deployments from prompt-injectioWhich GCP feature lets an architect enforce constraints across an entire organisation (e.gWhich GCP feature lets a workload outside GCP (e.g. AWS / Azure / on-prem) authenticate toWhich GCP service provides secure remote access to internal apps without a corporate VPN —