ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 201 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 201
Topic #: 1
[All Professional Cloud Network Engineer Questions]

Your organization requires that all SMTP traffic to your cloud environment is blocked, except for traffic that originates from your corporate network. Your organization also requires that only specific VPCs across your Google Cloud projects will allow SMTP access from your corporate network. You need to configure a security policy that will enable this connectivity. What should you do?

  • A. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action.
    2. Configure an egress hierarchical firewall rule with priority 10010 specifying the source of your corporate network as TCP port 25 and the goto_next action.
    3. Associate the hierarchical firewall policy at the organization level.
    4. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.
  • B. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the allow action.
    2. Associate the hierarchical firewall policy at the organization level.
    3. Configure firewall policy rules to deny TCP port 25 in the firewall policies associated with the respective VPCs that do not require that access.
  • C. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the source of your corporate network, TCP port 25, and the goto_next action.
    2. Configure an ingress hierarchical firewall rule with priority 10010 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action.
    3. Associate the hierarchical firewall policy at the organization level.
    4. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.
  • D. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action.
    2. Associate the hierarchical firewall policy at the organization level.
    3. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 1f01b87 at March 15, 2025, 1:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
n2183712847
1 month, 2 weeks ago
Selected Answer: C
C The key to this solution is the correct order of operations and the understanding of hierarchical firewall rules and their precedence. By implementing a "deny all" rule at the organization level and then selectively allowing traffic in specific VPCs, you achieve the desired security posture while adhering to the organization's requirements
upvoted 1 times
...
RKS_2021
2 months, 3 weeks ago
Selected Answer: C
C is correct
upvoted 1 times
...
1f01b87
3 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel