Topic 1 Question 96
In your Google Cloud organization, you have two folders: Dev and Prod. You want a scalable and consistent way to enforce the following firewall rules for all virtual machines (VMs) with minimal cost:
• Port 8080 should always be open for VMs in the projects in the Dev folder. • Any traffic to port 8080 should be denied for all VMs in your projects in the Prod folder.
What should you do?
Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.
Create a Shared VPC for the Dev projects and a Shared VPC for the Prod projects. Create a VPC firewall rule to open port 8080 in the Shared VPC for Dev. Create a firewall rule to deny traffic to port 8080 in the Shared VPC for Prod. Deploy VMs to those Shared VPCs.
In all VPCs for the Dev projects, create a VPC firewall rule to open port 8080. In all VPCs for the Prod projects, create a VPC firewall rule to deny traffic to port 8080.
Use Anthos Config Connector to enforce a security policy to open port 8080 on the Dev VMs and deny traffic to port 8080 on the Prod VMs.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: A
In my opinion is A. Firewall Policy give control on organization.
https://cloud.google.com/vpc/docs/firewall-policies-overview
👍 6ccieman20162022/12/01 A. Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.
👍 1AzureDP9002022/12/11- 正解だと思う選択肢: B
Option A creates and associates two different firewall policies with each folder. However, according to Google Cloud documentation, firewall policies cannot be directly associated with folders. Firewall policies can only be associated with organizations, projects, or subnetworks.
Therefore, option A is not a valid solution to enforce firewall rules for all virtual machines in the Dev and Prod folders.
👍 1Komal6972023/03/30
シャッフルモード