Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Explanation:

The correct approach involves using hierarchical firewall policies to enforce the security requirements across all projects and VPCs under the organization. Hierarchical firewall policies are evaluated before VPC firewall rules, ensuring that the specified rules cannot be bypassed by VPC-level configurations. The correct configuration is to first allow SSH (TCP port 22) from the corporate IP address with a higher priority (lower numerical value) and then deny SSH from all other IP addresses with a lower priority (higher numerical value). This ensures that the allow rule takes precedence for the corporate IP, and the deny rule effectively blocks all other IP addresses, adhering to the security team's requirements.

Explanation:

Comments (0)

No comments yet.

You are tasked with configuring firewall policies in Google Cloud to meet strict security requirements:

Always allow SSH access from your corporate IP address.

Deny SSH access from all other IP addresses.

Given that your organization has multiple projects and VPCs, how would you enforce these requirements while preventing other VPC firewall rules from bypassing them?

Exam-Like

Last updated: March 30, 2026 at 14:04

Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 0. 2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 1.

100.0%

Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 0. 2. Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 1.

0.0%

Configure a VPC firewall rule to allow TCP port 22 for your corporate IP address with priority 1. 2. Configure a VPC firewall rule to deny TCP port 22 for all IP addresses with priority 0.

Configure a hierarchical firewall policy to the organization node to allow TCP port 22 for your corporate IP address with priority 1 2. Configure a hierarchical firewall policy to the organization node to deny TCP port 22 for all IP addresses with priority 0.