
Answer-first summary for fast verification
Answer: Firewall rule direction: ingress; Action: allow; Target: specific VM B tag; Source ranges: VM A tag and VM A source IP address; Priority: 1000
The question requires setting up a firewall rule to allow traffic only from VM A to VM B within the VPC. The correct firewall rule should have an ingress direction to allow incoming traffic to VM B (the target) from VM A (the source). Using network tags for both the target and source is a Google-recommended practice for flexibility and manageability. Option B correctly specifies the target as VM B using a specific tag and the source as VM A's tag along with its IP address, ensuring that only traffic from VM A to VM B is allowed. The priority of 1000 ensures this rule takes precedence over any potential future rules with lower priorities. Options A, C, and D are incorrect because they either misuse service accounts, target the wrong VM, or have incorrect priorities.
Author: LeetQuiz Editorial Team
Your organization is enforcing a new security policy to manage firewall rules for traffic control between virtual machines (VMs). Following Google-recommended practices, you must create a firewall rule to strictly regulate traffic between VM A and VM B within the VPC. The rule should permit only unidirectional communication from VM A to VM B and block all other traffic paths. Assume no other firewall rules exist in the VPC. What firewall rule configuration will achieve this requirement?
A. Firewall rule direction: ingress; Action: allow; Target: VM B service account; Source ranges: VM A service account; Priority: 1000
B. Firewall rule direction: ingress; Action: allow; Target: specific VM B tag; Source ranges: VM A tag and VM A source IP address; Priority: 1000
C. Firewall rule direction: ingress; Action: allow; Target: VM A service account; Source ranges: VM B service account and VM B source IP address; Priority: 100
D. Firewall rule direction: ingress; Action: allow; Target: specific VM A tag; Source ranges: VM B tag and VM B source IP address; Priority: 100