
Answer-first summary for fast verification
Answer: 1. Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0. 2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.
The correct approach uses hierarchical firewall policies to enforce the security requirements across all projects and VPCs under the organization. Hierarchical firewall policies are evaluated before VPC firewall rules, so VPC-level configurations cannot bypass the rules they define. First allow SSH (TCP port 22) from the corporate IP address with the higher priority (lower numerical value), then deny SSH from all other IP addresses with a lower priority (higher numerical value). The allow rule takes precedence for the corporate IP, and the deny rule blocks every other IP address, which meets the security team's requirements.
Author: LeetQuiz Editorial Team
You are tasked with configuring firewall policies in Google Cloud to meet strict security requirements:
Given that your organization has multiple projects and VPCs, how would you enforce these requirements while preventing other VPC firewall rules from bypassing them?
A
B
C
D