Module 5: Configuring Virtual Private Cloud for Isolation and Security
Looking for ‘Managing Security in Google Cloud Module 5 Answers’?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 5: Configuring Virtual Private Cloud for Isolation and Security of Course 9: Managing Security in Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.
Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!
Configuring Virtual Private Cloud for Isolation and Security
Graded Assignment
1. Which TWO of the following statements about VPCs are TRUE?
- Every VPC network functions as a distributed firewall where firewall rules are defined at the network level. ✅
- VPC firewall rules in Google Cloud are global in scope. ✅
- A connection is considered active if it has at least one packet sent over a one hour period.
- Google Cloud firewall rules by default only affect traffic flowing in one direction.
Explanation:
- Google Cloud VPCs act as distributed firewalls, and rules are enforced across all virtual machines in the network.
- Firewall rules are global, meaning they apply regardless of region or zone.
2. Which FOUR of the following are firewall rule parameters?
- Direction ✅
- Source ✅
- Timestamp
- Action ✅
- Organization
- Project
- IP Address ✅
Explanation:
Firewall rule parameters include:
- Direction (ingress or egress)
- Source or destination
- Action (allow or deny)
- IP Address ranges (source or destination)
3. Which ONE of the following statements is TRUE when discussing the SSL capabilities of Google Cloud Load Balancer?
- The Google-managed profile, COMPATIBLE, allows clients which support out-of-date SSL features. ✅
- If no SSL policy is set, the SSL policy is automatically set to the most constrained policy, which is RESTRICTED.
- Google Cloud Load Balancers require, and will only accept, a Google-managed SSL Cert.
- You must use one of the 3 pre-configured “Google-managed profiles” to specify the level of compatibility appropriate for your application.
Explanation:
COMPATIBLE is designed to work with a broader range of clients, including those with outdated SSL capabilities.
4. Which statement about VPC Service Controls is false?
- VPC Service Controls restrict Internet access to resources within a perimeter using allowlisted IPv4 and IPv6 ranges.
- VPC Service Controls protect resources within a perimeter so they can only be privately accessed from clients within authorized VPC networks.
- VPC Service Controls restrict Internet access to resources within a perimeter by checking permissions assigned to Cloud Identity and Active Directory accounts only. ✅
- VPC Service Controls prevent data from being copied to unauthorized resources outside the perimeter using service operations.
Explanation:
- VPC Service Controls guard against data exfiltration by enforcing a service perimeter; they are not based solely on identity permissions.
- Access is controlled by the perimeter boundary and its access levels, not by checking only the permissions of Cloud Identity or Active Directory accounts.
All the other options are true descriptions of what VPC Service Controls do.