Your organization wants to implement a zero-trust security model on GCP. What combination of services should you configure to meet this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: VPC Service Controls with Cloud Armor and managed SSL Certificates.
Why this is the answer
The correct answer is VPC Service Controls with Cloud Armor and managed SSL Certificates. VPC Service Controls create security perimeters around sensitive data to prevent exfiltration, a core tenet of zero trust. Cloud Armor provides DDoS protection and WAF capabilities, enforcing security policies at the edge. Managed SSL Certificates ensure secure, encrypted communication. BeyondCorp with Identity-Aware Proxy and Cloud Identity is a strong zero-trust solution for accessing applications, but VPC Service Controls are crucial for data perimeter security. Cloud VPN with private Google access and IAM roles focuses on network connectivity and access management, not comprehensive data exfiltration prevention. Cloud Identity, Firestore with Security Rules, and Private Endpoints are specific to database security and access, not a broad zero-trust implementation. Cloud Endpoints with ESPv2, HTTPS Load Balancer with client SSL certificates are for API management and secure API access, not a full zero-trust model.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed