A security engineer needs to restrict access to Cloud Storage buckets so that only resources in a specific VPC can reach the Google APIs. Which Google Cloud service should be used?
Trap 1: Firewall Rules
Firewall rules control network traffic at the instance level, not API access.
Trap 2: Identity-Aware Proxy
IAP controls access to applications, not to Google Cloud APIs.
Trap 3: Cloud Armor
Cloud Armor is a WAF/DDoS protection service; it does not restrict API access.
- A
Firewall Rules
Why wrong: Firewall rules control network traffic at the instance level, not API access.
- B
VPC Service Controls
VPC Service Controls enforces perimeters around Google Cloud APIs to control data access.
- C
Identity-Aware Proxy
Why wrong: IAP controls access to applications, not to Google Cloud APIs.
- D
Cloud Armor
Why wrong: Cloud Armor is a WAF/DDoS protection service; it does not restrict API access.