Topic 1 Question 121
In your project my-project, you have two subnets in a Virtual Private Cloud (VPC): subnet-a with IP range 10.128.0.0/20 and subnet-b with IP range 172.16.0.0/24. You need to deploy database servers in subnet-a. You will also deploy the application servers and web servers in subnet-b. You want to configure firewall rules that only allow database traffic from the application servers to the database servers. What should you do?
A. Create network tag app-server and service account [email protected]. Add the tag to the application servers, and associate the service account with the database servers. Run the following command:
   gcloud compute firewall-rules create app-db-firewall-rule
   --action allow
   --direction ingress
   --rules top:3306
   --source-tags app-server
   --target-service-accounts [email protected] project.iam.gserviceaccount.com

B. Create service accounts [email protected] and [email protected]. Associate service account sa-app with the application servers, and associate the service account sa-db with the database servers. Run the following command:
   gcloud compute firewall-rules create app-db-firewall-ru
   --allow TCP:3306
   --source-service-accounts [email protected] demo.iam.gserviceaccount.com
   --target-service-accounts [email protected] project.iam.gserviceaccount.com

C. Create service accounts [email protected] and [email protected]. Associate the service account sa-app with the application servers, and associate the service account sa-db with the database servers. Run the following command:
   gcloud compute firewall-rules create app-db-firewall-ru
   --allow TCP:3306
   --source-ranges 10.128.0.0/20
   --source-service-accounts [email protected] project.iam.gserviceaccount.com
   --target-service-accounts [email protected] project.iam.gserviceaccount.com

D. Create network tags app-server and db-server. Add the app-server tag to the application servers, and add the db-server tag to the database servers. Run the following command:
   gcloud compute firewall-rules create app-db-firewall-rule
   --action allow
   --direction ingress
   --rules tcp:3306
   --source-ranges 10.128.0.0/20
   --source-tags app-server
   --target-tags db-server
User votes
Comments (6)
- Selected answer: B
  C and D are wrong, source address can be subnet-b (172.16.0.0/24). A is wrong, syntax error.
  B is correct, https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/create
  👍 7 ccieman2016 2022/12/03
- Selected answer: B
  B is correct, source address can only be subnet-b (172.16.0.0/24) and A is wrong because you can't have source tags and destination SA's.
  👍 2 pfilourenco 2022/12/10
- Selected answer: D
  D is correct!
  👍 1 pfilourenco 2022/12/04