Your company has a Google Cloud project that uses BigQuery for data warehousing. They have a VPN tunnel between the on-premises environment and Google Cloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing. What should they do?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure VPC Service Controls and configure Private Google Access..
Why this is the answer
VPC Service Controls creates a security perimeter around your BigQuery resources, preventing unauthorized access from outside the perimeter and controlling data movement. This directly addresses data exfiltration risks from malicious insiders, compromised code, and accidental oversharing. Private Google Access allows your on-premises hosts to connect to Google APIs and services, including BigQuery, over the VPN tunnel without traversing the public internet, enhancing security and reducing exposure. Configuring Private Google Access for on-premises only is insufficient as it doesn't create a security perimeter. The service account approach doesn't prevent data exfiltration at the network level and could still allow data movement outside the desired perimeter. Configuring only Private Google Access also lacks the crucial perimeter security provided by VPC Service Controls.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed