Exam Professional Cloud Network Engineer topic 1 question 147 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 147
Topic #: 1

You are responsible for configuring firewall policies for your company in Google Cloud. Your security team has a strict set of requirements that must be met to configure firewall rules.

• Always allow Secure Shell (SSH) from your corporate IP address.
• Restrict SSH access from all other IP addresses.

There are multiple projects and VPCs in your Google Cloud organization. You need to ensure that other VPC firewall rules cannot bypass the security team’s requirements. What should you do?

  • A. 1. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0.
    2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.
  • B. 1. Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 0.
    2. Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 1.
  • C. 1. Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 1.
    2. Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 0.
  • D. 1. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 1.
    2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 0.
Suggested Answer: A
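
A simplified model of the evaluation order behind the suggested answer, added here as an example (not part of the original question and not Google's implementation): rules in the organization-level hierarchical policy are evaluated before a VPC's own rules, and within each level the lowest priority number wins. The addresses and the `permissive_vpc` rule are constructed sample values.

```python
import ipaddress

CORP = "203.0.113.10/32"   # constructed corporate address (documentation range)
ANY = "0.0.0.0/0"

def first_match(rules, src, port):
    """Action of the matching rule with the lowest priority number, or None.
    Rules are (priority, action, source_cidr, tcp_port) tuples."""
    ip = ipaddress.ip_address(src)
    # Lowest number first; on a tie between VPC rules, deny precedes allow.
    for _prio, action, cidr, rule_port in sorted(
            rules, key=lambda r: (r[0], r[1] != "deny")):
        if rule_port == port and ip in ipaddress.ip_network(cidr):
            return action
    return None

def evaluate(org_policy, vpc_rules, src, port=22):
    """Ingress verdict: organization policy first, then the VPC's own rules."""
    verdict = first_match(org_policy, src, port)
    if verdict in ("allow", "deny"):
        return verdict                       # terminal: VPC rules are never consulted
    verdict = first_match(vpc_rules, src, port)  # no org match, or goto_next
    return verdict or "deny"                 # implied deny for ingress

def option_results():
    corp, outsider = "203.0.113.10", "198.51.100.7"
    # Constructed: a project's own VPC rule that opens SSH to everyone.
    permissive_vpc = [(0, "allow", ANY, 22)]
    option_a = [(0, "allow", CORP, 22), (1, "deny", ANY, 22)]
    option_d = [(0, "deny", ANY, 22), (1, "allow", CORP, 22)]
    return {
        # Option A: org policy decides before the permissive VPC rule is seen.
        "A_corp": evaluate(option_a, permissive_vpc, corp),
        "A_outsider": evaluate(option_a, permissive_vpc, outsider),
        # Option D: the priority-0 deny matches first, so corporate SSH is blocked.
        "D_corp": evaluate(option_d, permissive_vpc, corp),
        # Option B: same two rules at VPC level; another VPC rule at
        # priority 0 matches before the priority-1 deny.
        "B_outsider": evaluate([], option_a + permissive_vpc, outsider),
    }

if __name__ == "__main__":
    for case, verdict in option_results().items():
        print(f"{case}: {verdict}")
```
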

Comments

ccieman2016
Highly Voted 1 year, 6 months ago
Selected Answer: A
A is correct.
upvoted 10 times
rglearn
Most Recent 10 months, 3 weeks ago
Option A - No Brainer
upvoted 2 times
desertlotus1211
1 year ago
The key is multiple projects and VPCs. You can do it at the VPC FW level, but you'll have to configure on ALL VPCs... Better to have it at the Organizational level. Answer A
upvoted 1 times
pk349
1 year, 5 months ago
• A. 1. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0. ***** 2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.
upvoted 1 times
AzureDP900
1 year, 6 months ago
A. 1. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0. 2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other