Topic 1 Question 141
Your organization is implementing a new security policy to control how firewall rules are applied to control flows between virtual machines (VMs). Using Google-recommended practices, you need to set up a firewall rule to enforce strict control of traffic between VM A and VM B. You must ensure that communications flow only from VM A to VM B within the VPC, and no other communication paths are allowed. No other firewall rules exist in the VPC. Which firewall rule should you configure to allow only this communication path?
A.
Firewall rule direction: ingress
Action: allow
Target: VM B service account
Source ranges: VM A service account
Priority: 1000

B.
Firewall rule direction: ingress
Action: allow
Target: specific VM B tag
Source ranges: VM A tag and VM A source IP address
Priority: 1000

C.
Firewall rule direction: ingress
Action: allow
Target: VM A service account
Source ranges: VM B service account and VM B source IP address
Priority: 100

D.
Firewall rule direction: ingress
Action: allow
Target: specific VM A tag
Source ranges: VM B tag and VM B source IP address
Priority: 100
Comments (8)
- Selected answer: A
  changing to A. If we follow what the documentation says, A is correct: "If you need strict control over how firewall rules are applied to VMs, use target service accounts and source service accounts instead of target tags and source tags" https://cloud.google.com/vpc/docs/firewalls#service-accounts-vs-tags
  👍 5 pfilourenco 2022/12/10
- Selected answer: A
  A) Correct, to provide only flow between VMs from A. B) Wrong, second filter logic is OR operator. "Set additional filters to apply your rule to specific sources of traffic. The filter logic is 'Source filter' OR 'Second source filter'" C and D) wrong, target should be VM B.
  👍 3 ccieman2016 2022/12/04
- Selected answer: B
  Using Google-recommended practices, B is correct. Tags vs service accounts. The answer is saying that we have 2 source filters (x and y) and not the AND/OR logic.
  👍 3 pfilourenco 2022/12/04
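
Added example, not part of the original page or its comments: a minimal Python model of VPC ingress evaluation that shows how the source-filter OR logic quoted in the comments plays out for a service-account rule versus a tag plus source-range rule. The VM names, IP addresses, service-account addresses and the third VM C are constructed for illustration; the model covers only these filter types and the implied deny-ingress rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    service_account: str
    tags: frozenset = frozenset()

@dataclass(frozen=True)
class IngressAllowRule:
    target_service_accounts: frozenset = frozenset()
    target_tags: frozenset = frozenset()
    source_service_accounts: frozenset = frozenset()
    source_tags: frozenset = frozenset()
    source_ranges: tuple = ()

    def applies_to(self, dst):
        # The rule is enforced only on VMs selected by its target filter.
        return (dst.service_account in self.target_service_accounts
                or bool(dst.tags & self.target_tags))

    def source_matches(self, src):
        # Source filters are a union: matching any one of them is enough.
        in_range = any(ip_address(src.ip) in ip_network(r) for r in self.source_ranges)
        return (in_range or src.service_account in self.source_service_accounts
                or bool(src.tags & self.source_tags))

def ingress_allowed(rules, src, dst):
    # No matching allow rule means the implied deny-ingress rule decides.
    return any(r.applies_to(dst) and r.source_matches(src) for r in rules)

# Constructed sample VMs; VM C is a third instance carrying VM A's tag.
VM_A = VM("vm-a", "10.0.0.2", "sa-a@example.iam", frozenset({"vm-a"}))
VM_B = VM("vm-b", "10.0.0.3", "sa-b@example.iam", frozenset({"vm-b"}))
VM_C = VM("vm-c", "10.0.0.4", "sa-c@example.iam", frozenset({"vm-a"}))

RULE_SA = IngressAllowRule(target_service_accounts=frozenset({VM_B.service_account}),
                           source_service_accounts=frozenset({VM_A.service_account}))
RULE_TAGS = IngressAllowRule(target_tags=frozenset({"vm-b"}),
                             source_tags=frozenset({"vm-a"}),
                             source_ranges=("10.0.0.2/32",))

if __name__ == "__main__":
    for label, rule in (("service accounts", RULE_SA), ("tag + source range", RULE_TAGS)):
        for src, dst in ((VM_A, VM_B), (VM_C, VM_B), (VM_B, VM_A)):
            print(f"{label}: {src.name} -> {dst.name}: {ingress_allowed([rule], src, dst)}")
```

In this model VM C reaches VM B under the tag rule even though its IP address is outside the source range, because the tag filter alone satisfies the union.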