Topic 1 Question 163
Choose two.

You need to audit the network segmentation for your Google Cloud footprint. You currently operate Production and Non-Production infrastructure-as-a-service (IaaS) environments. All your VM instances are deployed without any service account customization. After observing the traffic in your custom network, you notice that all instances can communicate freely despite tag-based VPC firewall rules in place to segment traffic properly with a priority of 1000. What are the most likely reasons for this behavior?

A. All VM instances are missing the respective network tags.
B. All VM instances are residing in the same network subnet.
C. All VM instances are configured with the same network route.
D. A VPC firewall rule is allowing traffic between source/targets based on the same service account with priority 999.
E. A VPC firewall rule is allowing traffic between source/targets based on the same service account with priority 1001.
User votes
Comments (11)
Maybe A. Any idea please.
👍 3 redgoose6810 2022/10/02

D. Priority 999 is a higher priority than 1000, so if 999 has an allow-all policy then any deny policy with lower priority will not be applied.
👍 3 soltium 2022/10/12

Selected answer: AD
A. All VM instances are missing the respective network tags. D. A VPC firewall rule is allowing traffic between source/targets based on the same service account with priority 999.
If all the VM instances in your Google Cloud environment are able to communicate freely despite tag-based VPC firewall rules in place, it is likely that the instances are missing the necessary network tags. Without the appropriate tags, the firewall rules will not be able to properly segment the traffic. Another possible reason for this behavior could be the existence of a VPC firewall rule that allows traffic between source and target instances based on the same service account, with a priority of 999. This rule would take precedence over the tag-based firewall rules with a priority of 1000. It is unlikely that all the VM instances are residing in the same network subnet or configured with the same network route, or that there is a VPC firewall rule allowing traffic with a priority of 1001.
👍 3 GCParchitect2022 2023/01/07
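The two conditions behind answers A and D (instances carrying none of the tags the segmentation rules key on, and an allow rule at a numerically lower, therefore higher-precedence, priority that is scoped to the shared default service account) are exactly what an auditor would check for. The script below is an added example, not part of the exam question or of any commenter's post. Its two JSON documents are constructed sample data whose field names are assumed to follow the shape of `gcloud compute firewall-rules list --format=json` and `gcloud compute instances list --format=json`; the rule names, tags and project number in them are made up.

```python
"""Offline audit of why tag-based VPC firewall segmentation can be bypassed.

Google Cloud evaluates VPC firewall rules by numeric priority, lowest number
first (default 1000, implied rules at 65535); at equal priority deny beats
allow. The sample data below is CONSTRUCTED and its field names are ASSUMED
to match the gcloud JSON output formats named in the lead-in.
"""
import json

# Constructed sample: two tag-based segmentation rules at priority 1000, one
# service-account scoped allow at 999 (shadows them) and one at 1001 (does not).
FIREWALL_RULES_JSON = """
[
  {"name": "allow-prod-to-prod", "priority": 1000, "direction": "INGRESS",
   "sourceTags": ["prod"], "targetTags": ["prod"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "deny-nonprod-to-prod", "priority": 1000, "direction": "INGRESS",
   "sourceTags": ["nonprod"], "targetTags": ["prod"],
   "denied": [{"IPProtocol": "all"}]},
  {"name": "allow-same-sa", "priority": 999, "direction": "INGRESS",
   "sourceServiceAccounts": ["123456789-compute@developer.gserviceaccount.com"],
   "targetServiceAccounts": ["123456789-compute@developer.gserviceaccount.com"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "allow-same-sa-low", "priority": 1001, "direction": "INGRESS",
   "sourceServiceAccounts": ["123456789-compute@developer.gserviceaccount.com"],
   "targetServiceAccounts": ["123456789-compute@developer.gserviceaccount.com"],
   "allowed": [{"IPProtocol": "all"}]}
]
"""

# Constructed sample: instances deployed with no tags and with the default
# Compute Engine service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com).
INSTANCES_JSON = """
[
  {"name": "prod-web-1", "tags": {"items": []},
   "serviceAccounts": [{"email": "123456789-compute@developer.gserviceaccount.com"}]},
  {"name": "nonprod-app-1",
   "serviceAccounts": [{"email": "123456789-compute@developer.gserviceaccount.com"}]}
]
"""

DEFAULT_SA_SUFFIX = "-compute@developer.gserviceaccount.com"


def load_sample():
    """Parse the constructed rule and instance lists."""
    return json.loads(FIREWALL_RULES_JSON), json.loads(INSTANCES_JSON)


def segmentation_tags(rules):
    """Every network tag that any firewall rule keys on."""
    tags = set()
    for rule in rules:
        tags.update(rule.get("sourceTags", []))
        tags.update(rule.get("targetTags", []))
    return tags


def instances_missing_tags(instances, tags):
    """Instances carrying none of the referenced tags: no tag-scoped rule can
    ever match them, so only untagged (e.g. service-account) rules apply."""
    return sorted(
        inst["name"] for inst in instances
        if not set(inst.get("tags", {}).get("items", [])) & tags
    )


def shadowing_allow_rules(rules, segmentation_priority=1000):
    """Enabled allow rules evaluated BEFORE the segmentation rules.
    A lower number wins, so 999 shadows 1000 while 1001 is never reached."""
    hits = [
        (rule["name"], rule["priority"]) for rule in rules
        if "allowed" in rule
        and not rule.get("disabled", False)
        and rule["priority"] < segmentation_priority
    ]
    return sorted(hits, key=lambda h: (h[1], h[0]))


def instances_on_default_sa(instances):
    """Instances still on the default service account: a rule scoped to that
    account matches all of them at once, Production and Non-Production alike."""
    return sorted(
        inst["name"] for inst in instances
        if any(sa.get("email", "").endswith(DEFAULT_SA_SUFFIX)
               for sa in inst.get("serviceAccounts", []))
    )


def audit(rules, instances):
    """Collect the findings that explain why segmentation is not effective."""
    return {
        "missing_tags": instances_missing_tags(instances, segmentation_tags(rules)),
        "shadowing_allow_rules": shadowing_allow_rules(rules),
        "default_sa_instances": instances_on_default_sa(instances),
    }


if __name__ == "__main__":
    print(json.dumps(audit(*load_sample()), indent=2))
```

Against real projects the same functions can be fed the output of the two `gcloud` commands once saved to files; the remediation the findings point at is to apply the expected tags (or move to per-role service accounts) and to review any allow rule whose priority number is below that of the segmentation rules.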