Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test
A GCP VPC has two subnets, subnet A and subnet B, with one Compute Engine instance each. You have created two firewall rules with logging enabled.
- Rule 1 is an egress firewall rule to deny traffic from the instances in the network to subnet B on port 80.
- Rule 2 is an ingress firewall rule to allow traffic to all the instances in the network from subnet A on port 80.
The Compute Engine instance in subnet A attempts to connect to the Compute Engine instance in subnet B.
Which of the following statements is TRUE?
A. Traffic from VM B to VM A is allowed, and a log entry for rule 2 is created.
B. Traffic from VM B to VM A is denied, and a log entry for rule 2 is created.
C. Traffic from VM A to VM B is allowed, and a log entry for rule 1 is created.
D. Traffic from VM A to VM B is denied, and a log entry for rule 1 is created.
Correct Answer: D
- Option A is incorrect. Rule 2 is an ingress rule, not an egress rule, and no logs will be created.
- Option B is incorrect. Rule 2 is an ingress rule, not an egress rule, and no logs will be created.
- Option C is incorrect. Traffic from VM A to VM B will be denied, and no logs will be created.
- Option D is CORRECT. Traffic from VM A to VM B will be denied, and logs for Rule 1 will be created.
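The evaluation order behind this answer, as an added example that is not part of the original question: a simplified Python model in which egress rules are checked at the source VM, ingress rules at the destination VM, and only explicitly created rules with logging enabled write log entries. The subnet ranges, VM addresses and rule names are constructed, and the model ignores rule priorities and connection tracking.

```python
# Simplified model of VPC firewall evaluation for the scenario above.
# Subnet ranges, VM addresses and rule names are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SUBNET_A = ip_network("10.0.1.0/24")  # constructed range
SUBNET_B = ip_network("10.0.2.0/24")  # constructed range

@dataclass
class Rule:
    name: str
    direction: str      # "EGRESS" or "INGRESS"
    action: str         # "allow" or "deny"
    peer: object        # EGRESS: destination range; INGRESS: source range
    port: int
    logging: bool = True

RULES = [
    Rule("rule-1", "EGRESS", "deny", SUBNET_B, 80),
    Rule("rule-2", "INGRESS", "allow", SUBNET_A, 80),
]

def match(direction, peer_ip, port):
    """First rule for this direction whose peer range and port match."""
    for r in RULES:
        if r.direction == direction and ip_address(peer_ip) in r.peer and r.port == port:
            return r
    return None

def connect(src_ip, dst_ip, port):
    """Return (verdict, names of rules that wrote a log entry)."""
    logs = []
    # Step 1: egress rules are evaluated at the source VM.
    egress = match("EGRESS", dst_ip, port)
    if egress:
        if egress.logging:
            logs.append(egress.name)
        if egress.action == "deny":
            return "denied", logs      # packet never leaves the source VM
    # No egress match: the implied allow-egress applies; implied rules are not logged.
    # Step 2: ingress rules are evaluated at the destination VM.
    ingress = match("INGRESS", src_ip, port)
    if ingress is None:
        return "denied", logs          # implied deny-ingress, not logged
    if ingress.logging:
        logs.append(ingress.name)
    return ("allowed" if ingress.action == "allow" else "denied"), logs

VM_A, VM_B = "10.0.1.10", "10.0.2.10"  # constructed addresses
if __name__ == "__main__":
    print(connect(VM_A, VM_B, 80))
```

Calling `connect(VM_B, VM_A, 80)` shows the reverse direction from options A and B: neither rule matches, so the implied ingress deny applies and nothing is logged.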