Your company deployed Cloud Next Generation Firewall Enterprise (Cloud NGFW Enterprise). You have already created a CA pool and a CA in Certificate Authority Service. You need to enable TLS inspection. What should you do?
A.
Grant the network security service agent service account the privateca.certificateRequester role. Create a TLS inspection policy linking to the CA pool. Configure your VPC endpoint associations to use the TLS inspection policy. Flip the TLS inspection flag in your firewall policy rules to true.
B.
Grant the network security service agent service account the privateca.poolReader role. Create a TLS inspection policy linking to the CA pool. Configure your VPC endpoint associations to use the TLS inspection policy. Flip the TLS inspection flag in your firewall policy rules to true.
C.
Grant the network security service agent service account the privateca.certificateRequester role. Create a trust config in Certificate Manager Flip the TLS inspection flag in your firewall policy rules to true.
D.
Grant the network security service agent service account the privateca.certificateRequester role. Create a trust config in Certificate Manager. Flip the TLS inspection flag in your firewall policy rules to true.
A is correct.
CA Service Certificate Requester
roles/privateca.certificateRequester privateca.certificates.create A CA Service Certificate Requester role can submit certificate requests to a CA pool. We recommend that you grant this role to trusted individuals who are allowed to request certificates.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Gwendal
1 month, 1 week agoRKS_2021
2 months, 1 week ago