Topic 1 Question 114
You are configuring an HA VPN connection between your Virtual Private Cloud (VPC) and on-premises network. The VPN gateway is named VPN_GATEWAY_1. You need to restrict VPN tunnels created in the project to only connect to your on-premises VPN public IP address: 203.0.113.1/32. What should you do?
A. Configure a firewall rule accepting 203.0.113.1/32, and set a target tag equal to VPN_GATEWAY_1.
B. Configure the Resource Manager constraint constraints/compute.restrictVpnPeerIPs to use an allowList consisting of only the 203.0.113.1/32 address.
C. Configure a Google Cloud Armor security policy, and create a policy rule to allow 203.0.113.1/32.
D. Configure an access control list on the peer VPN gateway to deny all traffic except 203.0.113.1/32, and attach it to the primary external interface.
Comments (5)
- Answer believed correct: B
I think this question is in the security exam's scope.
B is correct.
https://cloud.google.com/blog/topics/developers-practitioners/limiting-public-ips-google-cloud
👍 4 ccieman2016 2022/12/03
- Answer believed correct: B
B is right. To control the list of peer IP addresses that users can specify when creating Cloud VPN tunnels, use the Resource Manager constraint constraints/compute.restrictVpnPeerIPs.
👍 3 nosense 2022/12/02
Correct answer - B
To ensure that your VPN gateway is protected, use the org policy constraint named constraints/compute.restrictVpnPeerIPs. This constraint will limit the public IPs that are allowed to initiate IPSec sessions with your VPN gateway.
👍 2 jitu028 2022/12/09