Had something like this in a mock. A
Q: 16
A company is building a new application on Cloud Run. The application must
process data from a Cloud Storage bucket, and the security policy dictates that the
Cloud Run service should *only* be able to access *that single* bucket. The goal is
to enforce the principle of least privilege. What is the most precise configuration?
Options
Discussion
Option A. Need the allow rule first with higher priority (smaller number), then a deny-all with lower priority to catch everything else. That's standard GCP firewall ordering. Unless I've missed something here, A is right.
A tbh. Allow the AD-specific egress traffic first with higher priority (lower number), then deny everything else at a lower priority. Google Cloud firewall rules process lowest numbers first, so the allow has to come before the deny. Pretty sure this is the right approach for least privilege.