Practice Test 2 | Google Cloud Certified Professional Cloud DevOps Engineer | Dumps | Mock Test
You are the on-call SRE for a growing media company. You are managing an application deployed on Compute Engine within a custom VPC. The application accepts user traffic from anywhere using HTTPS. You have been tasked with logging all failed incoming SSH traffic to the GCE instances.
How will you achieve this?
A. Create a firewall rule that denies ingress traffic on Port 22 from anywhere to the VPC network and turn on Logs .
B. Create a firewall rule that allows ingress traffic on Port 22 from anywhere to the VPC network and turn on Logs.
C. Create a firewall rule that denies egress traffic on Port 22 from anywhere to the VPC network and turn on Logs.
D. Create a firewall rule that allows egress traffic on Port 22 from anywhere to the VPC network and turn on Logs.
Correct Answer: A
- Options A is CORRECT. The firewall rule should deny ingress (incoming) traffic on port 22 (SSH) and logging should be turned on, so the logs appear in Cloud Logging.
- Option B is incorrect. The firewall should deny ingress (incoming) and not allow traffic.
- Option C and D are incorrect. The firewall should affect ingress (incoming) not egress (outgoing).
Reference:
Comments are closed, but trackbacks and pingbacks are open.