Practice Test 2 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
As the network engineer in your company, you have created an ingress firewall rule for HTTP traffic into all GCE instances hosting a public-facing application with the tag web-server. You can see the logs of all allowed HTTP traffic, but you do not see the logs for denied SSH traffic from 0.0.0.0/0 to the instances.
How do you fix this?
A. Create an egress firewall rule denying SSH for the network and turn on firewall logs.
B. Create an ingress firewall rule denying SSH for the network and turn on firewall logs.
C. Create an egress firewall rule denying SSH for the target tags web-server and turn on firewall logs.
D. Create an ingress firewall rule denying SSH for the target tags web-server and turn on firewall logs.
Answer: D
Options A and C are incorrect: what is needed is an ingress rule, since the SSH traffic is inbound to the instances.
Option B is incorrect: the firewall rule should apply to the specified target tag, i.e. web-server, not to the whole network.
Option D is correct: it is an ingress rule for the specified target tag, with firewall logging turned on. Firewall Rules Logging only records connections that match an explicit rule with logging enabled; traffic dropped by the implied deny-ingress rule is never logged, so an explicit deny rule for SSH with logging on is required to see those entries.
https://cloud.google.com/vpc/docs/firewall-rules-logging explains firewall rules logging in more detail.