Your team wants to make sure Compute Engine instances running in your production project do not have public IP addresses. The frontend application Compute Engine instances will require public IPs.
The product engineers have the Editor role to modify resources. Your team wants to enforce this requirement.
How should your team meet these requirements?
A . Enable Private Access on the VPC network in the production project.
B . Remove the Editor role and grant the Compute Admin IAM role to the engineers.
C . Set up an organization policy to only permit public IPs for the front-end Compute Engine instances.
D . Set up a VPC network with two subnets: one with public IPs and one without public IPs.
Answer: C
Explanation:
Reference:
https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address
https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints#constraints-for-specific-services
Latest Professional Cloud Security Engineer Dumps Valid Version with 93 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund