Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test
Your company intends to deploy an internal application on Managed Instance in a custom VPC. You have been tasked to ensure that no traffic can get to the internet.
Which of the following help meet the requirement? Choose TWO.
A. Ensure that the instances in the MIG do not have external IPs.
B. Create a Cloud NAT to allow the instances to access Google APIs such as Cloud Storage.
C. Create a firewall rule to deny all egress traffic to destination 0.0.0.0/0.
D. Create a custom route to allow the instances to access Google APIs such as Cloud Storage.
E. Create a firewall rule to deny all ingress traffic from source 0.0.0.0/0.
Correct Answers: A and C
- Option A is CORRECT. This ensures that the instances cannot connect to the internet without Cloud NAT.
- Option B is incorrect. Cloud NAT gives access to the internet, and the requirement is to deny access.
- Option C is CORRECT. This option overrides the default Implied egress rule in the VPC that allows traffic out to the internet.
- Option D is incorrect. This does not deny internet access.
- Option E is incorrect. The firewall is denying incoming traffic which is not the requirement.
References:
Comments are closed, but trackbacks and pingbacks are open.