In your project my-project, you have a VPC with two subnets: subnet-a (IP range 10.128.0.0/20) for database servers and subnet-b (IP range 172.16.0.0/24) for application and web servers. How would you configure firewall rules to restrict database traffic so that only application servers in subnet-b can communicate with the database servers in subnet-a?
Explanation:
The correct approach uses service accounts on both sides of the rule: the source (application servers) and the target (database servers), which gives precise, identity-based traffic control. Option B is the most accurate because it correctly specifies both service accounts and the correct protocol and port (TCP:3306) for database traffic. Although there is a minor typo in the source service account's domain, the overall structure and method align with Google Cloud's best practices for firewall rule configuration. The other options misuse protocol specifications, use incorrect IP ranges, or mix incompatible filtering methods, any of which could lead to security vulnerabilities or unintended access.
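One way to express the service-account-based rule the explanation describes, written here as an added Terraform example rather than as any of the question's answer options; the VPC name, rule names and service-account emails are assumed:

```hcl
# Added example (not from the original question set). Allow TCP 3306 only from
# instances running the application service account to instances running the
# database service account. Service-account emails and the VPC name are assumed.

resource "google_compute_firewall" "allow_app_to_db" {
  name      = "allow-app-to-db-mysql"
  project   = "my-project"
  network   = "my-vpc"          # assumed VPC name
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["3306"]
  }

  # Identity-based filtering: a rule keyed on service accounts keeps working
  # when instances are recreated with new IPs or moved between subnets, and a
  # rule keyed on 172.16.0.0/24 alone would also admit any non-application VM
  # placed in subnet-b. Note that GCP does not allow source/target tags and
  # service accounts to be mixed in the same rule.
  source_service_accounts = ["app-server-sa@my-project.iam.gserviceaccount.com"]
  target_service_accounts = ["db-server-sa@my-project.iam.gserviceaccount.com"]
}

# The VPC's implied ingress rule denies everything else, so the allow rule above
# is sufficient on a custom-mode VPC. If the network carries a broad
# "allow-internal" rule (the default network does), this explicit deny at a
# lower priority keeps that rule from reopening the database port.
resource "google_compute_firewall" "deny_other_to_db" {
  name      = "deny-other-to-db-mysql"
  project   = "my-project"
  network   = "my-vpc"
  direction = "INGRESS"
  priority  = 1100   # evaluated after allow_app_to_db (lower number wins)

  deny {
    protocol = "tcp"
    ports    = ["3306"]
  }

  source_ranges           = ["0.0.0.0/0"]
  target_service_accounts = ["db-server-sa@my-project.iam.gserviceaccount.com"]
}
```

The gcloud equivalent of the allow rule is `gcloud compute firewall-rules create` with `--allow tcp:3306`, `--source-service-accounts` and `--target-service-accounts`.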