Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?
A. Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.
B. Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.
C. Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.
D. Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.
Option A is a valid approach, but it may increase operational overhead if you need to handle a large volume of logs or if you need to customize the display of the logs. Firewall Rules Logging captures firewall activity logs in real-time, and you can export these logs to other services like Cloud Storage, BigQuery, or Pub/Sub for further analysis. However, you would need to use another service like Firewall Insights to display the number of deny hits, which would require additional configuration and setup.
Option B is a better solution because it provides greater flexibility in creating custom dashboards and reports for firewall rule activity logs. Cloud Logging provides a central location for storing, analyzing, and monitoring logs from multiple Google Cloud services, including firewall activity logs. With Cloud Monitoring, you can create custom dashboards and alerts based on the logs' data to monitor and track firewall rules' deny hits.
In summary, both options are valid solutions, but option B offers greater flexibility and customization capabilities.
Firewall Rules Logging is a managed service that logs all firewall rule hits in Cloud Logging.
Firewall Insights (a feature of Google Cloud's Network Intelligence Center) analyzes firewall logs automatically and provides insights, including the number of deny hits.
Minimal operational overhead since it’s a built-in GCP feature that does not require additional infrastructure.
Why not the other options?
B. Custom Cloud Monitoring dashboard:
While possible, it requires manual setup in Cloud Monitoring, increasing operational overhead.
Firewall Insights already provides this data automatically, making option A a more efficient choice.
Answer is B:
https://cloud.google.com/network-intelligence-center/docs/firewall-insights/how-to/view-metrics
Look at the bottom of the page...
"You can use Monitoring dashboards and their associated charts to visualize the data for the Firewall Insights metrics described in the preceding sections.
To monitor these metrics in Monitoring, you can create custom dashboards. You can also add alerts based on these metrics."
The correct answer is B as firewall insights doesn't show hits against DENY rules: https://cloud.google.com/network-intelligence-center/docs/firewall-insights/concepts/overview#insights
B. Insights are good for recommendations, not dashboards.
Moreover, Insights:
Overly permissive rule insights, including each of the following:
Allow rules with no hits
Allow rules that are unused based on trend analysis (preview)
Allow rules with unused attributes
Allow rules with overly permissive IP addresses or port ranges
Deny rule insights with no hits during the observation period.
• A. Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.
With Firewall Insights metrics, you can perform the following tasks:
• Verify that firewall rules are used in an intended way.
• Over specified periods, verify that firewall rules allow or block their intended connections.
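The option B pipeline as an added example that is not part of the question or of any comment above: Python that applies the deny-hit filter to constructed firewall log entries and aggregates hits per rule, which is the count a log-based metric and a Cloud Monitoring chart would display. Field names follow the documented shape of compute.googleapis.com/firewall entries (jsonPayload.disposition, jsonPayload.rule_details.reference, jsonPayload.connection); the project, rule names and addresses are made up.

```python
"""Count DENIED firewall-rule hits per rule from exported Cloud Logging entries."""
import json
from collections import Counter

# Logs Explorer / log-based metric filter equivalent to what this script checks.
# Field names assumed from the documented firewall log entry format.
DENY_HITS_FILTER = (
    'resource.type="gce_subnetwork" '
    'AND log_id("compute.googleapis.com/firewall") '
    'AND jsonPayload.disposition="DENIED"'
)

# Constructed sample entries (newline-delimited JSON, as a Logging sink exports them).
# Project, rule names and IP addresses are made up; one non-firewall entry is included
# to show that the filter ignores it.
SAMPLE_LOG = """
{"logName":"projects/demo-proj/logs/compute.googleapis.com%2Ffirewall","resource":{"type":"gce_subnetwork"},"jsonPayload":{"disposition":"DENIED","rule_details":{"reference":"network:default/firewall:deny-ssh-external"},"connection":{"src_ip":"203.0.113.7","dest_ip":"10.0.0.5","dest_port":22,"protocol":6}}}
{"logName":"projects/demo-proj/logs/compute.googleapis.com%2Ffirewall","resource":{"type":"gce_subnetwork"},"jsonPayload":{"disposition":"ALLOWED","rule_details":{"reference":"network:default/firewall:allow-internal"},"connection":{"src_ip":"10.0.0.8","dest_ip":"10.0.0.5","dest_port":443,"protocol":6}}}
{"logName":"projects/demo-proj/logs/compute.googleapis.com%2Ffirewall","resource":{"type":"gce_subnetwork"},"jsonPayload":{"disposition":"DENIED","rule_details":{"reference":"network:default/firewall:deny-ssh-external"},"connection":{"src_ip":"198.51.100.9","dest_ip":"10.0.0.5","dest_port":22,"protocol":6}}}
{"logName":"projects/demo-proj/logs/compute.googleapis.com%2Ffirewall","resource":{"type":"gce_subnetwork"},"jsonPayload":{"disposition":"DENIED","rule_details":{"reference":"network:default/firewall:deny-all-ingress"},"connection":{"src_ip":"192.0.2.44","dest_ip":"10.0.0.6","dest_port":3389,"protocol":6}}}
{"logName":"projects/demo-proj/logs/syslog","resource":{"type":"gce_instance"},"jsonPayload":{"message":"unrelated noise entry"}}
"""


def is_deny_hit(entry: dict) -> bool:
    """Same three conditions as DENY_HITS_FILTER, applied to one parsed entry."""
    payload = entry.get("jsonPayload", {})
    return (
        entry.get("resource", {}).get("type") == "gce_subnetwork"
        and entry.get("logName", "").endswith("/logs/compute.googleapis.com%2Ffirewall")
        and payload.get("disposition") == "DENIED"
    )


def rule_name(entry: dict) -> str:
    """Extract the rule name from 'network:NET/firewall:RULE'; 'unknown' if absent."""
    ref = entry.get("jsonPayload", {}).get("rule_details", {}).get("reference", "")
    return ref.rsplit("/firewall:", 1)[1] if "/firewall:" in ref else "unknown"


def deny_hits_per_rule(ndjson: str) -> dict:
    """Return {rule_name: deny_hit_count}, skipping blank lines and non-matching entries."""
    counts = Counter()
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if is_deny_hit(entry):
            counts[rule_name(entry)] += 1
    return dict(counts)


if __name__ == "__main__":
    for rule, hits in sorted(deny_hits_per_rule(SAMPLE_LOG).items()):
        print(f"{rule}: {hits} deny hit(s)")
```

The same aggregation is what a log-based counter metric built on DENY_HITS_FILTER, grouped by a label extracted from jsonPayload.rule_details.reference, would feed to a Cloud Monitoring dashboard.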