
Answer-first summary for fast verification
Answer: Create an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances.
The correct answer is A. In Google Cloud VPC, the implied firewall rules include an implied allow egress rule at the lowest possible priority (65535), so by default all outbound traffic is allowed unless a rule with a numerically lower (that is, higher) priority denies it. To block everything except the traffic to the Active Directory server, first create an egress rule at priority 1000 that denies all traffic; it takes precedence over the implied allow rule at 65535. Then create another egress rule at priority 100 that allows the Active Directory traffic; because 100 is numerically lower than 1000, it takes precedence over the deny rule for matching traffic. The result is that the specific Active Directory traffic is allowed while all other outbound traffic from your instances is blocked.
Author: LeetQuiz Editorial Team
You have a Virtual Private Cloud (VPC) network in Google Cloud where all your Compute Engine instances need to connect to an Active Directory server on specific ports. However, you want to block any other type of outbound traffic emerging from your instances. To enforce this policy, you decide to use VPC firewall rules. How should you configure the firewall rules to achieve this?
A
Create an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances.
B
Create an egress rule with priority 100 to deny all traffic for all instances. Create another egress rule with priority 1000 to allow the Active Directory traffic for all instances.
C
Create an egress rule with priority 1000 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 100 to block all traffic for all instances.
D
Create an egress rule with priority 100 to allow the Active Directory traffic. Rely on the implied deny egress rule with priority 1000 to block all traffic for all instances.
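The following added example (written for this page; it is not LeetQuiz's or Google's code) models how VPC egress rules are evaluated so the four options can be checked mechanically: the implied allow egress rule sits at priority 65535, the matching rule with the lowest priority number wins, and at equal priority a deny beats an allow. The Active Directory address and port set are constructed sample values, and options C and D are encoded with only their allow rule, because a VPC network has no implied deny egress rule to rely on.

```python
"""Model of Google Cloud VPC egress firewall evaluation (hypothetical example).

Encodes the evaluation facts the answer relies on: the implied allow egress
rule at priority 65535, and "lowest priority number wins" ordering.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

IMPLIED_PRIORITY = 65535  # lowest possible priority; implied rules live here


@dataclass
class EgressRule:
    name: str
    priority: int                     # 0 = highest precedence, 65535 = lowest
    action: str                       # "allow" or "deny"
    dest_cidrs: tuple = ("0.0.0.0/0",)
    # protocol -> frozenset of ports, or None for "any port";
    # the key "all" matches every protocol and port.
    protocols: dict = field(default_factory=lambda: {"all": None})

    def matches(self, dst_ip: str, proto: str, port: int) -> bool:
        if not any(ip_address(dst_ip) in ip_network(c) for c in self.dest_cidrs):
            return False
        if "all" in self.protocols:
            return True
        if proto not in self.protocols:
            return False
        ports = self.protocols[proto]
        return ports is None or port in ports


IMPLIED_ALLOW_EGRESS = EgressRule("implied-allow-egress", IMPLIED_PRIORITY, "allow")


def evaluate_egress(rules, dst_ip, proto, port):
    """Return (action, rule_name) for one outbound packet."""
    matching = [r for r in list(rules) + [IMPLIED_ALLOW_EGRESS]
                if r.matches(dst_ip, proto, port)]
    best = min(r.priority for r in matching)   # never empty: implied rule matches all
    tied = [r for r in matching if r.priority == best]
    # Same priority with conflicting actions: deny takes precedence.
    for r in tied:
        if r.action == "deny":
            return "deny", r.name
    return "allow", tied[0].name


AD_SERVER = "10.0.0.5"                               # constructed sample address
AD_PORTS = {"tcp": frozenset({88, 389, 445, 636}),   # constructed subset of AD ports
            "udp": frozenset({53, 88, 123})}


def allow_ad(priority):
    return EgressRule("allow-ad", priority, "allow", (AD_SERVER + "/32",), AD_PORTS)


def deny_all(priority):
    return EgressRule("deny-all-egress", priority, "deny")


# Options C and D assume an "implied deny egress" rule; a VPC network has
# none, so they contribute only their allow rule.
OPTIONS = {
    "A": [deny_all(1000), allow_ad(100)],
    "B": [deny_all(100), allow_ad(1000)],
    "C": [allow_ad(1000)],
    "D": [allow_ad(100)],
}

# Constructed probe traffic: (dst_ip, proto, port, should_be_allowed)
PROBES = [
    (AD_SERVER, "tcp", 389, True),       # LDAP to the AD server
    (AD_SERVER, "udp", 88, True),        # Kerberos to the AD server
    (AD_SERVER, "tcp", 443, False),      # AD server, but not an AD port
    ("203.0.113.9", "tcp", 443, False),  # arbitrary internet host
]


def meets_policy(rules):
    """True if every probe gets the verdict the question requires."""
    return all((evaluate_egress(rules, ip, proto, port)[0] == "allow") == want
               for ip, proto, port, want in PROBES)


def main():
    for label, rules in OPTIONS.items():
        print(f"Option {label}: {'meets policy' if meets_policy(rules) else 'fails'}")
        for ip, proto, port, _ in PROBES:
            action, rule = evaluate_egress(rules, ip, proto, port)
            print(f"   {proto}/{port} -> {ip:<13} {action:<5} via {rule}")


if __name__ == "__main__":
    main()
```

Running it shows only option A passing every probe: B denies the directory traffic because its deny rule has the lower number, and C and D let the non-directory traffic through because the only rule left to match it is the implied allow at 65535. The same model also exposes a tie-break worth remembering when you tune priorities: an allow and a deny at the same priority resolve to deny.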