Google Cloud Professional Cloud Security Engineer Practice Exam

When using Security Command Center Premium, what is a recommended action to prevent misconfigurations related to MySQL port access?

• A. Create a hierarchical firewall policy at the organization level
• B. Enable all ports in the project firewall settings
• C. Disable external IPs for all VMs
• D. Restrict SSH access to approved IP addresses only

The correct answer is: Create a hierarchical firewall policy at the organization level

Creating a hierarchical firewall policy at the organization level is a recommended action to prevent misconfigurations related to MySQL port access because it allows for a centralized and consistent approach to managing security rules across all projects within the organization. This structure ensures that any security policies, such as those controlling access to the MySQL port, are uniformly applied, thereby minimizing the risk of human error during configuration. By utilizing hierarchical policies, you can enforce specific rules that restrict access to the MySQL port only to approved sources, effectively managing who can communicate with your database services. This also enhances visibility and control over firewall rules, enabling you to quickly audit and update security measures as needed. In contrast, enabling all ports in the project firewall settings would increase security risks by exposing services unnecessarily. Disabling external IPs for all VMs provides a layer of protection but does not directly address MySQL port access specifically. Restricting SSH access to approved IP addresses helps control access to the virtual machines but doesn’t directly influence the configuration or access controls specific to the MySQL service itself. Therefore, the hierarchical firewall policy approach offers a more comprehensive and effective solution tailored to managing data exposure securely.