Topic 3 Question 2

Professional Cloud Architect

Topic 3 Question 2
For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?
- gcloud compute security-policies rules update 1000 \ --security-policy from-fastly \ --src-ip-ranges * \ --action ג€allowג€
- gcloud compute firewall rules update sourceiplist-fastly \ --priority 100 \ --allow tcp:443
- gcloud compute firewall rules update hir-policy \ --priority 100 \ --target-tags=sourceiplist-fastly \ --allow tcp:443
- gcloud compute security-policies rules update 1000 \ --security-policy hir-policy \ --expression ג€evaluatePreconfiguredExpr('sourceiplist-fastly')ג€ \ --action ג€allowג€
解説
Reference: https://cloud.google.com/load-balancing/docs/https

ユーザの投票
コメント(17)
- D https://cloud.google.com/armor/docs/troubleshooting#security-policy
  
  👍 9
  cloudstd2021/06/30
- Answer is D
  
  👍 9
  MamthaSJ2021/07/08
- D is correct here because Fastly provide a named ip list which can be used with --expression. https://cloud.google.com/armor/docs/armor-named-ip#ip-list-providers
  
  👍 5
  Rzla2021/09/07
シャッフルモード

解説

ユーザの投票

コメント(17)