Exam Professional Cloud Network Engineer topic 1 question 206 discussion

Actual exam question from Google's Professional Cloud Network Engineer

Question #: 206
Topic #: 1

[All Professional Cloud Network Engineer Questions]

Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A. Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.
B. Use Cloud NGFW Essentials. Create a firewall rule for egress traffic, and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.
C. Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.
D. Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the --tls-inspect flag, and associate the firewall rules with the VMs.

Show Suggested Answer

Suggested Answer: D 🗳️

by n2183712847 at April 30, 2025, 11:41 p.m.

Comments

Submit Cancel

n2183712847

1 month, 2 weeks ago

Selected Answer: D

D. Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the --tls-inspect flag, and associate the firewall rules with the VMs.

upvoted 1 times

...