
Answer-first summary for fast verification
Answer:
• Create service accounts sa-app and sa-db.
• Associate service account sa-app with the application servers and the service account sa-db with the database servers.
• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.
The correct option is A. Ingress firewall rules control incoming traffic, which matches the requirement to allow network traffic from the application servers to the database servers. Using service accounts as the source and target provides identity-based access control, so only traffic from the specified application servers is allowed to reach the database servers. Creating service accounts for both the application and database servers and an ingress firewall rule that references them is therefore the appropriate and secure approach.
Author: LeetQuiz Editorial Team
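Option A written out as gcloud commands, as an added example that is not part of the original quiz page. The project ID, zone, instance names, rule name and database port are assumptions; commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: option A as gcloud commands (not from the quiz page).
# Assumed values: project, zone, VM names, rule name and DB port.
PROJECT="${PROJECT:-example-project}"   # placeholder project ID
ZONE="${ZONE:-us-central1-a}"           # placeholder zone
DB_PORT="${DB_PORT:-tcp:5432}"          # assumed database port
APP_VMS="${APP_VMS:-app-1 app-2}"       # hypothetical application servers
DB_VMS="${DB_VMS:-db-1}"                # hypothetical database servers

# Full e-mail address of a service account in $PROJECT.
sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$PROJECT"; }

# Print each command by default; execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

allow_app_to_db() {
  # 1. One identity per tier.
  run gcloud iam service-accounts create sa-app --project="$PROJECT"
  run gcloud iam service-accounts create sa-db --project="$PROJECT"

  # 2. Attach the identities. A VM must be stopped before its
  #    service account can be changed.
  for vm in $APP_VMS; do
    run gcloud compute instances set-service-account "$vm" \
      --project="$PROJECT" --zone="$ZONE" --service-account="$(sa_email sa-app)"
  done
  for vm in $DB_VMS; do
    run gcloud compute instances set-service-account "$vm" \
      --project="$PROJECT" --zone="$ZONE" --service-account="$(sa_email sa-db)"
  done

  # 3. Ingress rule applied to the database servers. The source is matched
  #    by identity rather than by subnet-b's IP range, so web servers that
  #    share subnet-b with the application servers do not match.
  run gcloud compute firewall-rules create allow-app-to-db \
    --project="$PROJECT" --network=default \
    --direction=INGRESS --action=ALLOW --rules="$DB_PORT" \
    --source-service-accounts="$(sa_email sa-app)" \
    --target-service-accounts="$(sa_email sa-db)"
}

allow_app_to_db   # dry run: prints the six commands
```

A rule that uses service accounts as source or target cannot also use network tags, which is one reason the mixed tag and service-account options do not fit.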
In the default Virtual Private Cloud (VPC) of your Google Cloud environment, two subnets exist: subnet-a and subnet-b. Subnet-a hosts your database servers, while subnet-b hosts your application servers and web servers. Your goal is to create a firewall rule that strictly permits database traffic from application servers (located in subnet-b) to the database servers (located in subnet-a). What steps should you take to accomplish this configuration?
A
• Create service accounts sa-app and sa-db.
• Associate service account sa-app with the application servers and the service account sa-db with the database servers.
• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.
B
• Create network tags app-server and db-server.
• Add the app-server tag to the application servers and the db-server tag to the database servers.
• Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.
C
• Create a service account sa-app and a network tag db-server.
• Associate the service account sa-app with the application servers and the network tag db-server with the database servers.
• Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.
D
• Create a network tag app-server and service account sa-db.
• Add the tag to the application servers and associate the service account with the database servers.
• Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.