Exam Professional-Cloud-Security-Engineer Topic 3 Question 12 Discussion

Actual exam question for Google's Professional-Cloud-Security-Engineer exam
Question #: 12
Topic #: 3
Your Google Cloud organization allows for administrative capabilities to be distributed to each team through provision of a Google Cloud project with Owner role (roles/ owner). The organization contains thousands of Google Cloud Projects Security Command Center Premium has surfaced multiple cpen_myscl_port findings.
You are enforcing the guardrails and need to prevent these types of common misconfigurations.
What should you do?

Suggested Answer: D Vote an answer

* Challenge:
* Prevent common misconfigurations that expose services (e.g., MYSQL) to the public internet.
* Hierarchical Firewall Policies:
* These policies can be applied at the organization level to enforce consistent network security rules across all projects.
* Solution:
* Create a hierarchical firewall policy that allows connections only from internal IP ranges.
* This policy ensures that services like MySQL are not exposed to 0.0.0.0/0 (the entire internet).
* Steps:
* Step 1: Define the hierarchical firewall policy at the organization level.
* Step 2: Set the rule to allow traffic only from internal IP ranges.
* Step 3: Apply the policy to all projects under the organization.
* Benefits:
* Centralized management of network security.
* Prevents accidental exposure of services to the public internet, enhancing security.
References:
* Hierarchical Firewall Policies
* Securing MySQL on GCP

by Tracy at Dec 14, 2025, 09:57 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10