
In the default Virtual Private Cloud (VPC) of your Google Cloud environment, two subnets exist: subnet-a and subnet-b. Subnet-a hosts your database servers, while subnet-b hosts your application servers and web servers. Your goal is to create a firewall rule that strictly permits database traffic from application servers (located in subnet-b) to the database servers (located in subnet-a). What steps should you take to accomplish this configuration?
A
• Create service accounts sa-app and sa-db.
• Associate service account sa-app with the application servers and the service account sa-db with the database servers.
• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.
B
• Create network tags app-server and db-server.
• Add the app-server tag to the application servers and the db-server tag to the database servers.
• Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.
C
• Create a service account sa-app and a network tag db-server.
• Associate the service account sa-app with the application servers and the network tag db-server with the database servers.
• Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.
D
• Create a network tag app-server and service account sa-db.
• Add the tag to the application servers and associate the service account with the database servers.
• Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.