- Home
- Google Cloud Certified - Professional Cloud Network Engineer
- Google.Professional-Cloud-Network-Engineer.v2025-05-28.q94
- Question 86
Valid Professional-Cloud-Network-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Professional-Cloud-Network-Engineer Exam! ExamDiscuss.com now offer the newest Professional-Cloud-Network-Engineer exam dumps, the ExamDiscuss.com Professional-Cloud-Network-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Professional-Cloud-Network-Engineer dumps with Test Engine here:
Access Professional-Cloud-Network-Engineer Dumps Premium Version
(236 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 86/94
(You are managing the security configuration of your company's Google Cloud organization. The Operations team needs specific permissions on both a Google Kubernetes Engine (GKE) cluster and a Cloud SQL instance. Two predefined Identity and Access Management (IAM) roles exist that contain a subset of the permissions needed by the team. You need to configure the necessary IAM permissions for this team while following Google-recommended practices. What should you do?)
Correct Answer: A,C,D
Granting more permissions than necessary violates the principle of least privilege, a fundamental security best practice. While option A grants the necessary permissions (as subsets exist in two predefined roles), it might also grant more permissions than the Operations team strictly requires for their tasks on GKE and Cloud SQL.
Option D is too broad; 'Admin' roles grant extensive permissions that likely exceed the specific needs.
Google Cloud's best practices strongly recommend adhering to the principle of least privilege. Creating a custom role allows you to precisely define the set of permissions the Operations team needs for their specific tasks on the GKE cluster and the Cloud SQL instance, without granting any unnecessary permissions. This minimizes the potential blast radius in case of accidental or malicious actions.
Google Cloud Documentation References:
IAM best practices: https://cloud.google.com/iam/docs/best-practices - This document explicitly recommends granting the minimum necessary permissions.
Creating and managing custom roles: https://cloud.google.com/iam/docs/creating-managing-custom-roles - This explains how to create roles tailored to specific job functions.
Understanding roles: https://cloud.google.com/iam/docs/understanding-roles - This outlines the concepts of predefined and custom roles and their use cases.
Option D is too broad; 'Admin' roles grant extensive permissions that likely exceed the specific needs.
Google Cloud's best practices strongly recommend adhering to the principle of least privilege. Creating a custom role allows you to precisely define the set of permissions the Operations team needs for their specific tasks on the GKE cluster and the Cloud SQL instance, without granting any unnecessary permissions. This minimizes the potential blast radius in case of accidental or malicious actions.
Google Cloud Documentation References:
IAM best practices: https://cloud.google.com/iam/docs/best-practices - This document explicitly recommends granting the minimum necessary permissions.
Creating and managing custom roles: https://cloud.google.com/iam/docs/creating-managing-custom-roles - This explains how to create roles tailored to specific job functions.
Understanding roles: https://cloud.google.com/iam/docs/understanding-roles - This outlines the concepts of predefined and custom roles and their use cases.
- Question List (94q)
- Question 1: You have configured a Compute Engine virtual machine instanc...
- Question 2: You recently deployed Cloud VPN to connect your on-premises ...
- Question 3: You recently deployed Cloud VPN to connect your on-premises ...
- Question 4: Your organization wants to set up hybrid connectivity with V...
- Question 5: Your company's on-premises network is connected to a VPC usi...
- Question 6: You have ordered Dedicated Interconnect in the GCP Console a...
- Question 7: Question: Your organization has an on-premises data center. ...
- Question 8: Your company has a single Virtual Private Cloud (VPC) networ...
- Question 9: You need to restrict access to your Google Cloud load-balanc...
- Question 10: You are maintaining a Shared VPC in a host project. Several ...
- Question 11: Your organization's security policy requires that all intern...
- Question 12: You want to set up two Cloud Routers so that one has an acti...
- Question 13: You have created an HTTP(S) load balanced service. You need ...
- Question 14: You are deploying an application that runs on Compute Engine...
- Question 15: You are responsible for designing a new connectivity solutio...
- Question 16: Question: You are designing the architecture for your organi...
- Question 17: Your company's Google Cloud-deployed, streaming application ...
- Question 18: You are designing a new application that has backends intern...
- Question 19: You have provisioned a Partner Interconnect connection to ex...
- Question 20: You decide to set up Cloud NAT. After completing the configu...
- Question 21: You are designing a shared VPC architecture. Your network an...
- Question 22: (Your digital media company stores a large number of video f...
- Question 23: Your company has recently installed a Cloud VPN tunnel betwe...
- Question 24: After a network change window one of your company's applicat...
- Question 25: Your on-premises data center has 2 routers connected to your...
- Question 26: You are disabling DNSSEC for one of your Cloud DNS-managed z...
- Question 27: You are designing a hybrid cloud environment. Your Google Cl...
- Question 28: You are migrating to Cloud DNS and want to import your BIND ...
- Question 29: You recently deployed two network virtual appliances in us-c...
- Question 30: You configured a single IPSec Cloud VPN tunnel for your orga...
- Question 31: You are designing an IP address scheme for new private Googl...
- Question 32: Your software team is developing an on-premises web applicat...
- Question 33: You are configuring an HA VPN connection between your Virtua...
- Question 34: Your company offers a popular gaming service. Your instances...
- Question 35: You are deploying a global external TCP load balancing solut...
- Question 36: You are configuring a new HTTP application that will be expo...
- Question 37: You successfully provisioned a single Dedicated Interconnect...
- Question 38: You are the network administrator responsible for hybrid con...
- Question 39: One instance in your VPC is configured to run with a private...
- Question 40: You want to apply a new Cloud Armor policy to an application...
- Question 41: In your project my-project, you have two subnets in a Virtua...
- Question 42: You have recently been put in charge of managing identity an...
- Question 43: All the instances in your project are configured with the cu...
- Question 44: You are adding steps to a working automation that uses a ser...
- Question 45: Your company just completed the acquisition of Altostrat (a ...
- Question 46: You are responsible for configuring firewall policies for yo...
- Question 47: You are configuring the firewall endpoints as part of the Cl...
- Question 48: You have the following private Google Kubernetes Engine (GKE...
- Question 49: You need to centralize the Identity and Access Management pe...
- Question 50: Your organization is deploying a single project for 3 separa...
- Question 51: Your organization has a new security policy that requires yo...
- Question 52: You recently deployed Compute Engine instances in regions us...
- Question 53: Question: Your organization's security team recently discove...
- Question 54: Your organization has resources in two different VPCs, each ...
- Question 55: There are two established Partner Interconnect connections b...
- Question 56: (You are deploying an application to Google Kubernetes Engin...
- Question 57: Your organization has Compute Engine instances in us-east1, ...
- Question 58: You are configuring your Google Cloud environment to connect...
- Question 59: You need to define an address plan for a future new Google K...
- Question 60: (You need to migrate multiple PostgreSQL databases from your...
- Question 61: In your company, two departments with separate GCP projects ...
- Question 62: Your on-premises data center has 2 routers connected to your...
- Question 63: You are designing a Google Kubernetes Engine (GKE) cluster f...
- Question 64: Your company has provisioned 2000 virtual machines (VMs) in ...
- Question 65: You are using the gcloud command line tool to create a new c...
- Question 66: You have deployed a proof-of-concept application by manually...
- Question 67: You have the networking configuration shown. In the diagram ...
- Question 68: (You are managing an application deployed on Cloud Run. The ...
- Question 69: You work for a university that is migrating to GCP. These ar...
- Question 70: Your company runs an enterprise platform on-premises using v...
- Question 71: Your company has separate Virtual Private Cloud (VPC) networ...
- Question 72: You need to create a GKE cluster in an existing VPC that is ...
- Question 73: You have enabled HTTP(S) load balancing for your application...
- Question 74: You are the network administrator responsible for hybrid con...
- Question 75: You work for a university that is migrating to Google Cloud....
- Question 76: You need to create the technical architecture for hybrid con...
- Question 77: Your company has just launched a new critical revenue-genera...
- Question 78: Question: Your organization has a subset of applications in ...
- Question 79: You have a web application that is currently hosted in the u...
- Question 80: Question: You are configuring the final elements of a migrat...
- Question 81: You have a storage bucket that contains the following object...
- Question 82: Question: Your organization wants to seamlessly migrate a gl...
- Question 83: Question: Your organization is deploying a mission-critical ...
- Question 84: Your company offers a popular gaming service. Your instances...
- Question 85: You need to create the network infrastructure to deploy a hi...
- Question 86: (You are managing the security configuration of your company...
- Question 87: You built a web application with several containerized micro...
- Question 88: Question: Your organization has a hub and spoke architecture...
- Question 89: You are planning a large application deployment in Google Cl...
- Question 90: You want to configure a NAT to perform address translation b...
- Question 91: You are deploying an HA VPN within Google Cloud. You need to...
- Question 92: Your organization has a single project that contains multipl...
- Question 93: You are designing a hub-and-spoke network architecture for y...
- Question 94: You created a new VPC for your development team. You want to...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Network-Engineer.v2025-05-28.q94.pdf