Answer-first summary for fast verification
Answer: Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.
To analyze incoming traffic and identify the source IP addresses during a suspected denial-of-service attack, VPC Flow Logs are the correct tool as they capture network traffic metadata, including source and destination IPs. Data Access audit logs (options A and D) track configuration changes and API calls, not actual traffic data. Option B suggests using VPC Flow Logs for the subnet, which is correct, but the 'connection' field is not the exact field name—source IPs are in the 'src_ip' field. However, among the provided options, B is the closest valid choice. Option C incorrectly refers to 'src_location' (geographic data, not raw IPs) and has a typo in the VPC reference.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
To investigate potential denial-of-service traffic targeting a VM in your default VPC, which Google Cloud service or method should you use to analyze the source of incoming traffic?
A
Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.
B
Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.
C
Enable VPC Flow Logs for the VPAnalyze the logs and get the source IP addresses from the src_location field.
D
Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.