Answer-first summary for fast verification
Answer: Crate three packet mirroring policies: one for each zone. Create one group of collector instances for the us-west2 region. Configure each packet mirroring policy to match traffic for its zone based on instance-tags, and create a filter for TCP traffic.
To minimize inter-zonal egress costs, Google recommends creating separate packet mirroring policies for each zone and using a regional managed instance group (MIG) for collectors. This ensures mirrored traffic stays within the same zone. Option A correctly creates three zonal policies (one per zone) to scope traffic to instances in their respective zones using instance tags. The regional collector group (MIG) with instances in all zones ensures traffic is processed within the same zone, avoiding cross-zone costs. Option B uses a single regional policy, which might inadvertently include unintended instances across zones and risks cross-zone traffic if the collector group lacks instances in all zones. Option C creates redundant zonal collector groups, adding unnecessary management overhead, whereas a regional MIG is more efficient. Option D uses subnets instead of instance tags, which does not align with the question's requirement to match traffic via instance tags. Thus, Option A follows Google-recommended practices by combining zonal policies with a regional collector group to minimize costs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are designing a packet mirroring policy for network security in your gaming workload infrastructure, which is deployed across zones us-west2-a, us-west2-b, and us-west2-c in the us-west2 region. The infrastructure hosts a web-based application on TCP ports 80 and 443, along with game servers using UDP. To monitor web application traffic while minimizing inter-zonal egress costs, how should you deploy the packet mirroring policies and collector instances following Google-recommended best practices?
A
Crate three packet mirroring policies: one for each zone. Create one group of collector instances for the us-west2 region. Configure each packet mirroring policy to match traffic for its zone based on instance-tags, and create a filter for TCP traffic.
B
Create one packet mirroring policy for the us-west2 region. Create one group of collector instances for the us-west2 region. Configure the packet mirroring policy to match traffic for web server instances based on instance-tags, and create a filter for TCP traffic.
C
Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for its zone based on instance-tags, and create a filter for TCP traffic.
D
Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for its zone based on subnets, and create a filter for TCP traffic.