Practice Test 1 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test
You are working with a custom VPC and network. You need to give specific virtual machines in ‘subnet-a’ network access to machines in ‘subnet-b’ without giving the entirety of subnet-a access. How can you accomplish this?
A. Create a firewall rule to allow traffic from resources with specific network tags, then assign the specific machines in subnet-a the same tags.
B. Relocate the subnet-a machines to a different subnet and give the new subnet the needed access.
C. Create a rule to deny all traffic to the entire subnet, then create a second rule with higher priority giving access to tagged VMs in subnet-a.
D. You can only grant firewall access to an entire subnet and not individual VMs inside.
Correct Answer: A
A – Create a firewall rule to allow traffic from resources with specific network tags, then assign the specific machines in subnet-a the same tags.
Network tags allow more granular access based on individually tagged instances. When a firewall rule selects instances by tag, it applies only to VMs that carry a matching network tag, so only the tagged VMs in subnet-a can reach the VMs in subnet-b.
B – Relocate the subnet-a machines to a different subnet and give the new subnet the needed access.
This would give the entire new subnet access, which goes against the requirement to give only specific virtual machines in ‘subnet-a’ access to machines in ‘subnet-b’ without giving the entirety of the subnet access.
C – Create a rule to deny all traffic to the entire subnet, then create a second rule with higher priority giving access to tagged VMs in subnet-a.
Every custom VPC by default has a firewall rule that denies network traffic between subnets, so a separate deny-all rule is not needed.
D – You can only grant firewall access to an entire subnet and not individual VMs inside.