Exam Professional Cloud Network Engineer topic 1 question 96 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 96
Topic #: 1

In your Google Cloud organization, you have two folders: Dev and Prod. You want a scalable and consistent way to enforce the following firewall rules for all virtual machines (VMs) with minimal cost:

• Port 8080 should always be open for VMs in the projects in the Dev folder.
• Any traffic to port 8080 should be denied for all VMs in your projects in the Prod folder.

What should you do?

  • A. Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.
  • B. Create a Shared VPC for the Dev projects and a Shared VPC for the Prod projects. Create a VPC firewall rule to open port 8080 in the Shared VPC for Dev. Create a firewall rule to deny traffic to port 8080 in the Shared VPC for Prod. Deploy VMs to those Shared VPCs.
  • C. In all VPCs for the Dev projects, create a VPC firewall rule to open port 8080. In all VPCs for the Prod projects, create a VPC firewall rule to deny traffic to port 8080.
  • D. Use Anthos Config Connector to enforce a security policy to open port 8080 on the Dev VMs and deny traffic to port 8080 on the Prod VMs.
Suggested Answer: A

Comments

ccieman2016
Highly Voted 1 year, 11 months ago
Selected Answer: A
In my opinion it is A. Firewall Policy gives control over the organization. https://cloud.google.com/vpc/docs/firewall-policies-overview
upvoted 7 times
...
rglearn
Most Recent 1 year, 3 months ago
Selected Answer: A
Firewall policy can propagate firewall rules consistently to its descendants.
upvoted 1 times
...
terrain
1 year, 3 months ago
Answer is A. "Hierarchical firewall policies let you create and enforce a consistent firewall policy across your organization. You can assign hierarchical firewall policies to the organization as a whole or to individual folders." https://cloud.google.com/firewall/docs/firewall-policies-overview https://cloud.google.com/firewall/docs/firewall-policies
upvoted 1 times
...
Komal697
1 year, 7 months ago
Selected Answer: B
Option A creates and associates two different firewall policies with each folder. However, according to Google Cloud documentation, firewall policies cannot be directly associated with folders. Firewall policies can only be associated with organizations, projects, or subnetworks. Therefore, option A is not a valid solution to enforce firewall rules for all virtual machines in the Dev and Prod folders.
upvoted 1 times
desertlotus1211
8 months, 1 week ago
Wrong: You can create and apply firewall policies at the organization or folder nodes of the resource hierarchy. A firewall policy rule can block connections, allow connections, or defer firewall rule evaluation to lower-level folders or VPC firewall rules defined in VPC networks. Organization is the top-level node in the resource hierarchy in Google Cloud where you can create or associate hierarchical firewall policies. All folders and VPC networks in the organization inherit this policy. Folders are mid-level nodes in the Google Cloud resource hierarchy, between the organization and projects, where you can create or assign hierarchical firewall policies. All folders and VPC networks in a folder inherit its associated policy.
upvoted 1 times
...
Laryoul
1 year, 5 months ago
At organization level you can associate a firewall policy with an organization or folder node. I go through A
upvoted 1 times
...
...
AzureDP900
1 year, 10 months ago
A. Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
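
The evaluation order quoted in the replies above (organization first, then folders, then VPC firewall rules, with allow, deny or defer at each level), as an added example that is not part of the original discussion. It is a simplified Python model: rules match only on direction and port, and `Rule`, `evaluate` and the sample policies are hypothetical names and constructed data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    direction: str     # "INGRESS" or "EGRESS"
    port: int
    action: str        # "allow", "deny" or "goto_next"

def first_match(rules, direction, port):
    """Return the action of the highest-priority matching rule, or None."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.direction == direction and rule.port == port:
            return rule.action
    return None

def evaluate(hierarchy, vpc_rules, direction, port):
    """hierarchy: [(node name, rules)], organization first, then folders.
    Returns (verdict, level that decided it)."""
    for node, rules in hierarchy:
        action = first_match(rules, direction, port)
        if action in ("allow", "deny"):
            return action, node   # terminal: lower levels are never consulted
        # goto_next or no match: defer to the next lower level
    action = first_match(vpc_rules, direction, port)
    if action in ("allow", "deny"):
        return action, "vpc"
    # Implied rules of a VPC network: deny ingress, allow egress
    return ("deny" if direction == "INGRESS" else "allow"), "implied"

# Constructed sample data (illustrative only).
ORG = ("organization", [Rule(1000, "INGRESS", 8080, "goto_next")])
DEV = ("folder:Dev", [Rule(1000, "INGRESS", 8080, "allow")])
PROD = ("folder:Prod", [Rule(1000, "INGRESS", 8080, "deny")])
# A Prod project owner tries to open 8080 with a VPC firewall rule.
PROD_PROJECT_VPC = [Rule(100, "INGRESS", 8080, "allow")]
# A Dev project owner tries to close 8080 with a VPC firewall rule.
DEV_PROJECT_VPC = [Rule(100, "INGRESS", 8080, "deny")]

def demo():
    return {
        "prod": evaluate([ORG, PROD], PROD_PROJECT_VPC, "INGRESS", 8080),
        "dev": evaluate([ORG, DEV], DEV_PROJECT_VPC, "INGRESS", 8080),
        "no_policy": evaluate([ORG], [], "INGRESS", 8080),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the folder-level rule decides both cases before any project's VPC firewall rule is read, which is why per-VPC rules alone do not give the "always" guarantee the question asks for.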