Understanding Organization Policies:
Organization policies are rules that can be set at different levels of the resource hierarchy in GCP to enforce governance and compliance.
These policies can be set at the organization node, folders, and projects, and they are inherited down the hierarchy unless explicitly overridden.
Hierarchy and Policy Inheritance:
The provided resource hierarchy has an organization node (Example.com), folders (Folder 1 and Folder 2), and a project (Project 2) under Folder 2 with a specific VPC (VPC A).
Each node in the hierarchy can have its own policies, and these policies are inherited by child nodes unless overridden.
Analyzing the Policies in the Hierarchy:
Organization Node Policy:
```json
{
  "constraint": "constraints/compute.restrictLoadBalancerCreationForTypes",
  "listPolicy": {
    "allValues": "DENY"
  }
}
```
This policy at the organization node denies all load balancer types.
Folder 2 Policy:
```json
{
  "constraint": "constraints/compute.restrictLoadBalancerCreationForTypes",
  "listPolicy": {
    "deniedValues": ["INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS"]
  }
}
```
This policy at Folder 2 denies the creation of INTERNAL_TCP_UDP and INTERNAL_HTTP_HTTPS load balancers.
Project 2 Policy:
```json
{
  "constraint": "constraints/compute.restrictLoadBalancerCreationForTypes",
  "listPolicy": {
    "deniedValues": ["EXTERNAL_TCP_PROXY", "EXTERNAL_SSL_PROXY"]
  }
}
```
This policy at Project 2 denies the creation of EXTERNAL_TCP_PROXY and EXTERNAL_SSL_PROXY load balancers.
Policy Application to VPC A:
Since policies are inherited, VPC A (which is within Project 2 under Folder 2) will be affected by the policies of both Folder 2 and Project 2.
Combining the denied values from both Folder 2 and Project 2:
From Folder 2: INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS
From Project 2: EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY
Conclusion:
VPC A will have the following load balancer types denied: INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS, EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY.
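The walk down the hierarchy can be checked mechanically. The following is an added example, not code from the original page or from Google: it models the three policies above in the v1 `listPolicy` shape the page quotes and computes the effective policy for Project 2 (and therefore VPC A). One assumption is added so that the walk reproduces the combination the page describes: the Project 2 policy carries `inheritFromParent: true`, the GCP field that makes a child list policy add its values to the parent's effective policy instead of replacing it (Folder 2 does not set it, so its policy replaces the organization's deny-all, which is why the org policy plays no part in the result). The extra load balancer type names used only as probe values are real values of this constraint but are not taken from the page.

```python
# Added example: effective org-policy evaluation for a list constraint,
# walking the resource hierarchy from the organization node down to the project.
from copy import deepcopy

CONSTRAINT = "constraints/compute.restrictLoadBalancerCreationForTypes"

# Policies as quoted on the page, for the chain Example.com -> Folder 2 -> Project 2.
ORG_POLICY = {"constraint": CONSTRAINT, "listPolicy": {"allValues": "DENY"}}
FOLDER2_POLICY = {
    "constraint": CONSTRAINT,
    "listPolicy": {"deniedValues": ["INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS"]},
}
PROJECT2_POLICY = {
    "constraint": CONSTRAINT,
    "listPolicy": {
        "deniedValues": ["EXTERNAL_TCP_PROXY", "EXTERNAL_SSL_PROXY"],
        # Assumption (not on the page): merge with the parent's effective policy
        # rather than replace it, so Folder 2's denied values are kept.
        "inheritFromParent": True,
    },
}
HIERARCHY = [
    ("Example.com", ORG_POLICY),
    ("Folder 2", FOLDER2_POLICY),
    ("Project 2", PROJECT2_POLICY),
]

# Probe values: the four from the page plus two other real values of this constraint.
LB_TYPES = (
    "INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS",
    "EXTERNAL_TCP_PROXY", "EXTERNAL_SSL_PROXY",
    "EXTERNAL_NETWORK_TCP_UDP", "EXTERNAL_HTTP_HTTPS",
)


def effective_list_policy(chain):
    """Return the effective listPolicy for the last resource in `chain`.

    `chain` is a list of (resource_name, policy_or_None) ordered root -> leaf.
    A node without a policy inherits its parent's effective policy unchanged.
    A child policy with inheritFromParent=True merges its allowed/denied values
    into the parent's effective policy (union); otherwise it replaces it.
    allValues, when set by the child, overrides the inherited setting (simplification).
    """
    effective = None
    for _name, policy in chain:
        if policy is None:
            continue
        lp = deepcopy(policy["listPolicy"])
        inherit = lp.pop("inheritFromParent", False)
        if effective is not None and inherit:
            merged = deepcopy(effective)
            for key in ("allowedValues", "deniedValues"):
                if key in lp:
                    merged[key] = sorted(set(merged.get(key, [])) | set(lp[key]))
            if "allValues" in lp:
                merged["allValues"] = lp["allValues"]
            effective = merged
        else:
            effective = lp
    return effective or {}


def is_denied(effective, value):
    """Decide whether `value` is blocked by an effective list policy."""
    if effective.get("allValues") == "DENY":
        return True
    if effective.get("allValues") == "ALLOW":
        return False
    if "allowedValues" in effective:
        return value not in effective["allowedValues"]
    return value in effective.get("deniedValues", [])


def denied_lb_types(chain, candidates=LB_TYPES):
    """Sorted list of candidate load balancer types denied at the leaf of `chain`."""
    eff = effective_list_policy(chain)
    return sorted(v for v in candidates if is_denied(eff, v))


if __name__ == "__main__":
    for depth in range(1, len(HIERARCHY) + 1):
        name = HIERARCHY[depth - 1][0]
        print(f"{name}: denied = {denied_lb_types(HIERARCHY[:depth])}")
```

Run as a script, it prints the denied set at each level: everything at the organization node, the two internal types at Folder 2, and the four types named in the conclusion at Project 2. On a real project the same answer comes from `gcloud resource-manager org-policies describe constraints/compute.restrictLoadBalancerCreationForTypes --project=PROJECT_ID --effective`, which is the check worth running before relying on a hand-derived inheritance result.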