Topic 1 Question 122
Your organization acquired a new workload. The Web and Application (App) servers will be running on Compute Engine in a newly created custom VPC. You are responsible for configuring a secure network communication solution that meets the following requirements:
- Only allows communication between the Web and App tiers.
- Enforces consistent network security when autoscaling the Web and App tiers.
- Prevents Compute Engine Instance Admins from altering network traffic.

What should you do?
- A. 1. Configure all running Web and App servers with respective network tags. 2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.
- B. 1. Configure all running Web and App servers with respective service accounts. 2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.
- C. 1. Re-deploy the Web and App servers with instance templates configured with respective network tags. 2. Create an allow VPC firewall rule that specifies the target/source with respective network tags.
- D. 1. Re-deploy the Web and App servers with instance templates configured with respective service accounts. 2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.
Comments (8)
- 👍 11 KillerGoogle 2022/05/10
- Selected answer: D
The requirement can be fulfilled by both network tags and service accounts. To update both, compute instances will have to be stopped. That means options A and B are out. Option C is out because Compute Engine Instance Admins can change network tags and avoid firewall rules. Deployment has to be done based on the instance template so that no configuration can be changed to divert the traffic.
👍 4 csrazdan 2022/11/28
- Selected answer: D
Agreed, it has to be D https://cloud.google.com/vpc/docs/firewalls#service-accounts-vs-tags
👍 2 cloudprincipal 2022/06/05
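
An added example, not part of the original page or its comments: a Python check over firewall rules exported with `gcloud compute firewall-rules list --format=json` that flags ingress allow rules relying on network tags rather than service accounts, the distinction the comments above turn on. The rule names, project and service-account addresses in the sample are constructed.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# Rule names, project and service-account e-mails are hypothetical.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-web-to-app-sa", "direction": "INGRESS", "disabled": false,
   "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}],
   "sourceServiceAccounts": ["web-sa@example-project.iam.gserviceaccount.com"],
   "targetServiceAccounts": ["app-sa@example-project.iam.gserviceaccount.com"]},
  {"name": "allow-web-to-app-tag", "direction": "INGRESS", "disabled": false,
   "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}],
   "sourceTags": ["web"], "targetTags": ["app"]},
  {"name": "allow-any-to-app", "direction": "INGRESS", "disabled": false,
   "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}],
   "sourceRanges": ["0.0.0.0/0"],
   "targetServiceAccounts": ["app-sa@example-project.iam.gserviceaccount.com"]}
]
""")


def audit_rule(rule):
    """Return a list of findings for one ingress allow rule (empty list = OK)."""
    findings = []
    if rule.get("disabled") or rule.get("direction") != "INGRESS" or "allowed" not in rule:
        return findings  # only enabled ingress allow rules are in scope
    if rule.get("sourceTags") or rule.get("targetTags"):
        findings.append("uses network tags, which instance admins can edit")
    if not rule.get("targetServiceAccounts"):
        findings.append("target is not pinned to a service account")
    if not rule.get("sourceServiceAccounts"):
        findings.append("source is not pinned to a service account")
    return findings


def audit(rules):
    """Map rule name -> findings, keeping only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```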