Practice Test 4 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
Your team is managing the network security of a three-tier (app, web, and database) application which has all tiers deployed to one subnet. The web tier can communicate with users from the internet and with the app tier; the app tier can communicate with the database tier. No other communication between the tiers is allowed.
Which of the following is not a valid firewall rule for these requirements?
A. Action: Allow
Direction: Ingress
Target tags: web
Source filter: IP ranges
Source IP ranges: 0.0.0.0/0
B. Action: Allow
Direction: Ingress
Target tags: app
Source filter: Source tags
Source tags: web
C. Action: Allow
Direction: Egress
Target tags: app
Source filter: Source tags
Source tags: web
D. Action: Allow
Direction: Ingress
Target tags: database
Source filter: Source tags
Source tags: app
Answer: C
Options A, B and D are correct: these rules allow traffic to the web tier from the internet, traffic from the web tier to the app tier, and traffic from the app tier to the database tier using tags.
Option C is incorrect: it is an egress rule, which is not needed. By default, all traffic is allowed out.
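The following is an added example, not part of the original question: a simplified model of how rules A, B and D are evaluated, assuming the VPC's implied rules (deny all ingress, allow all egress). The host names and IP addresses are constructed for illustration, and the matching logic is a sketch, not Google's implementation.

```python
from ipaddress import ip_address, ip_network

# Ingress allow rules A, B and D from the question (option C is left out).
RULES = [
    {"name": "A", "target": "web", "ranges": ["0.0.0.0/0"], "tags": []},
    {"name": "B", "target": "app", "ranges": [], "tags": ["web"]},
    {"name": "D", "target": "database", "ranges": [], "tags": ["app"]},
]

# Constructed sample endpoints; addresses are illustrative only.
HOSTS = {
    "internet": {"ip": "203.0.113.10", "tag": None},
    "web": {"ip": "10.0.0.2", "tag": "web"},
    "app": {"ip": "10.0.0.3", "tag": "app"},
    "database": {"ip": "10.0.0.4", "tag": "database"},
}

def egress_allowed(src):
    # No egress rules are defined, so the implied allow-egress rule applies.
    return True

def matching_ingress_rule(src, dst):
    """Return the name of the first allow rule admitting src -> dst, else None."""
    s, d = HOSTS[src], HOSTS[dst]
    for rule in RULES:
        if rule["target"] != d["tag"]:
            continue  # rule does not apply to the destination instance
        by_tag = s["tag"] is not None and s["tag"] in rule["tags"]
        by_range = any(ip_address(s["ip"]) in ip_network(r) for r in rule["ranges"])
        if by_tag or by_range:
            return rule["name"]
    return None  # nothing matched: the implied deny-ingress rule applies

def can_connect(src, dst):
    # A new connection needs egress at the source and ingress at the target.
    return egress_allowed(src) and matching_ingress_rule(src, dst) is not None

def flow_matrix():
    # Every src -> dst pair toward an instance in the subnet.
    return {(s, d): can_connect(s, d) for s in HOSTS for d in HOSTS
            if s != d and d != "internet"}

if __name__ == "__main__":
    for (s, d), ok in flow_matrix().items():
        print(f"{s:>8} -> {d:<8} {'ALLOW' if ok else 'DENY'}")
```

The web-to-app flow succeeds with no egress rule defined, which is why option C adds nothing. The matrix also shows that the 0.0.0.0/0 range in rule A matches internal source addresses, so connections from the app and database instances to the web tier are admitted by that rule as well.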