Practice Test 2 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test

Question 31

As the Network engineer in your company, you have create an ingress firewall rule for http traffic into all GCE instances hosting a public-facing application with the tag web-server. You can see the logs of all allowed http traffic but do not see the logs for denied SSH traffic from 0.0.0.0/0 to the instances.

How do you fix this?

A. Create an egress firewall rule denying SSH for the network and turn on firewall logs.
B. Create an ingress firewall rule denying SSH for the network and turn on firewall logs.
C. Create an egress firewall rule denying SSH for the target tags web-server and turn on firewall logs.
D. Create an ingress firewall rule denying SSH for the target tags web-server and turn on firewall logs.

Answer

Answer: D

Options A and C is incorrect, what is needed is an ingress rule.

Option B is incorrect, you need the firewall rule should be for specified target tags i.e. webserver.

Options D is correct, it is an ingress rule for the specified tags and firewall logs is turned on.

https://cloud.google.com/vpc/docs/firewall-rules-logging explains more on firewall logging

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50

PCNE

Practice Test 2 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test

Question 31

Answer

Ads Blocker Detected!!!