Google Cloud Professional Cloud Security Engineer Practice Exam

What steps must be taken to provide access to a third-party disk image secured in an external Google Cloud organization?

• A. Update the perimeter and configure access levels
• B. Share the project directly with the external organization
• C. Allow any external access to the project
• D. Create a separate project for sharing

The correct answer is: Update the perimeter and configure access levels

To provide access to a third-party disk image secured in an external Google Cloud organization, updating the perimeter and configuring access levels is crucial. This involves utilizing Google Cloud's VPC Service Controls, which provide enhanced security by allowing users to define a security perimeter around the services used by the organization. By configuring access levels, you can specify who can access specific resources across organizational borders, ensuring that the third party has the appropriate permissions while maintaining security. This approach allows for controlled and secure access without compromising the integrity of the overall environment. It aligns with best practices for managing access to sensitive resources across different organizations, ensuring that only authorized users can access or manage the disk image in question. The other options may not adequately manage access or security. Sharing the project directly could expose more resources than intended and may not enforce the necessary security policies. Allowing any external access to the project would undermine security controls and could lead to unauthorized access. Creating a separate project might facilitate sharing but could complicate management and oversight without the robust access control provided by updating the perimeter and configuring access levels.