Exam Professional Cloud Security Engineer topic 1 question 65 discussion

Answer is B. Lower number is higher priority and dest is only IP ranges in firewall rules

I think I am confusing myself by overthinking the wording of this question. I know the answer is A or B since "using hostname is not one of the options in firewall egress rule destination" I also know that "The firewall rule priority is an integer from 0 to 65535, inclusive. Lower integers indicate higher priorities." I know that I could resolve this by setting TCP port 80 rule to a priority of 500 (smaller number, but higher priority) and be done. Where i'm second guessing myself, is Google referring to the integer or strictly priority? If integer then i'd choose B "priority less than 1000 (smaller number)", if priority then i'd choose A "priority greater than 1000" (still the lower number). Have I thoroughly confused this question? I"m leaning toward the answer being "A:

While the priority is correct, Google Cloud firewall rules do not support hostname-based filtering. You must use a CIDR range.

B is correct.

Ans in B lower number higher priority

Answer is B

https://cloud.google.com/vpc/docs/firewalls#priority_order_for_firewall_rules

B is correct

First filter is priority should be less than 1000. So, option A and C are rejected. Then, we use CIDR range to allow firewall. So, the final answer is B.

B. Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority less than 1000. Firewall rules only support IPv4 connections. When specifying a source for an ingress rule or a destination for an egress rule by address, you can only use an IPv4 address or IPv4 block in CIDR notation. So Answer is B

The correct answer is A. As per the link https://cloud.google.com/vpc/docs/firewalls#rule_assignment Lowest priority in the firewall rule is 65535. So in order for a rule to be of higher priority than 1000 the rule should have a priority of number less than 1000.

Ans : B

Answer: B https://cloud.google.com/vpc/docs/firewalls#rule_assignment The priority of the second rule determines whether TCP traffic to port 80 is allowed for the webserver targets: If the priority of the second rule is set to a number greater than 1000, it has a lower priority, so the first rule denying all traffic applies. If the priority of the second rule is set to 1000, the two rules have identical priorities, so the first rule denying all traffic applies. If the priority of the second rule is set to a number less than 1000, it has a higher priority, thus allowing traffic on TCP 80 for the webserver targets. Absent other rules, the first rule would still deny other types of traffic to the webserver targets, and it would also deny all traffic, including TCP 80, to instances without the webserver tag.

The firewall rule priority is an integer from 0 to 65535, inclusive. Lower integers indicate higher priorities. If you do not specify a priority when creating a rule, it is assigned a priority of 1000.

Answer-B

It should be B. Firewall rules can be only specify by IPv4 address or IPv4 block in CIDR. And it must be lesser priority than 1000 because if more than that, it will overwrite the deny rule.

Ans should be A using hostname is not one of the options in firewall egress rule destination https://cloud.google.com/vpc/docs/firewalls#gcp_firewall_rule_summary_table