Exam Professional-Cloud-Security-Engineer Topic 3 Question 12 Discussion
Actual exam question for Google's Professional-Cloud-Security-Engineer exam
Question #: 12
Topic #: 3
Question #: 12
Topic #: 3
Your Google Cloud organization allows for administrative capabilities to be distributed to each team through provision of a Google Cloud project with Owner role (roles/ owner). The organization contains thousands of Google Cloud Projects Security Command Center Premium has surfaced multiple cpen_myscl_port findings.
You are enforcing the guardrails and need to prevent these types of common misconfigurations.
What should you do?
You are enforcing the guardrails and need to prevent these types of common misconfigurations.
What should you do?
Suggested Answer: D Vote an answer
* Challenge:
* Prevent common misconfigurations that expose services (e.g., MYSQL) to the public internet.
* Hierarchical Firewall Policies:
* These policies can be applied at the organization level to enforce consistent network security rules across all projects.
* Solution:
* Create a hierarchical firewall policy that allows connections only from internal IP ranges.
* This policy ensures that services like MySQL are not exposed to 0.0.0.0/0 (the entire internet).
* Steps:
* Step 1: Define the hierarchical firewall policy at the organization level.
* Step 2: Set the rule to allow traffic only from internal IP ranges.
* Step 3: Apply the policy to all projects under the organization.
* Benefits:
* Centralized management of network security.
* Prevents accidental exposure of services to the public internet, enhancing security.
References:
* Hierarchical Firewall Policies
* Securing MySQL on GCP
* Prevent common misconfigurations that expose services (e.g., MYSQL) to the public internet.
* Hierarchical Firewall Policies:
* These policies can be applied at the organization level to enforce consistent network security rules across all projects.
* Solution:
* Create a hierarchical firewall policy that allows connections only from internal IP ranges.
* This policy ensures that services like MySQL are not exposed to 0.0.0.0/0 (the entire internet).
* Steps:
* Step 1: Define the hierarchical firewall policy at the organization level.
* Step 2: Set the rule to allow traffic only from internal IP ranges.
* Step 3: Apply the policy to all projects under the organization.
* Benefits:
* Centralized management of network security.
* Prevents accidental exposure of services to the public internet, enhancing security.
References:
* Hierarchical Firewall Policies
* Securing MySQL on GCP
by Tracy at Dec 14, 2025, 09:57 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).