
Answer-first summary for fast verification
Answer: Lower the priority numbers of the firewall policy rules and raise the priority numbers of the VPC firewall rules.
The issue arises because the new VPC's external traffic is being blocked by higher-priority firewall policies (hierarchical or global) before reaching the VPC's explicit deny rule, which explains the missing logs. GCP evaluates firewall rules in a fixed order: hierarchical policies first, then network policies, then VPC rules. Lowering the priority numbers (increasing precedence) of hierarchical/global policy rules ensures their rules are evaluated earlier. If these policies contain allow rules, they might permit traffic to reach the VPC's deny rule. Raising the priority numbers of VPC rules (lowering their precedence) ensures they are evaluated last. This adjustment aligns with GCP's evaluation order, allowing traffic to hit the VPC's deny rule for logging and proper enforcement.
Author: LeetQuiz Editorial Team
You are implementing firewall controls to protect your compute resources in a newly created VPC. To simplify management and control, you've configured hierarchical firewall policies (bound at the organization level), global network firewall policies (enforcing IPS for external traffic), and VPC firewall rules (allowing RFC 1918 internal communication). The VPC firewall also includes an explicit deny rule with logging enabled.
This setup works in existing VPCs, but in a newly created VPC, logs are missing, external traffic is failing, and internal traffic functions normally. How do you resolve the connectivity issue?
A
Create a new VPC and migrate existing resources to the new VPC. Delete the old VPC, and reapply the firewall policies and rules in the new VPC.
B
Raise the priority numbers of the firewall policy rules and lower the priority numbers of the VPC firewall rules.
C
Review the order in which the VPC firewall rules and policies are evaluated. If the VPC firewall rules are being evaluated before firewall policies, switch the order.
D
Lower the priority numbers of the firewall policy rules and raise the priority numbers of the VPC firewall rules.
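To see why the VPC deny rule's logs go missing, here is an added, simplified Python model of the tiered evaluation order described in the answer summary (not Google's code and not part of the original page): tiers are walked in fixed order, the lowest priority number wins within a tier, and a terminating allow/deny in an upper tier means the logged VPC rule is never consulted. Regional network policies and the per-network option to reorder VPC rules are omitted; rule names, priorities and traffic classes are constructed.

```python
from dataclasses import dataclass

# Constructed, simplified model of how GCP walks firewall tiers; it is not
# Google's implementation. "goto_next" hands the packet to the next tier,
# while "allow" / "deny" end evaluation, so rules in lower tiers (and their
# logging) are never reached.
TIER_ORDER = ("hierarchical", "global_network", "vpc")


@dataclass(frozen=True)
class Rule:
    name: str
    tier: str
    priority: int       # lower number = higher precedence within its tier
    action: str         # "allow", "deny" or "goto_next"
    traffic: frozenset  # traffic classes the rule matches, e.g. {"external"}
    log: bool = False   # whether a match on this rule is logged


def evaluate(rules, traffic_class):
    """Return (final_action, names of logged rules that matched)."""
    logged = []
    for tier in TIER_ORDER:
        tier_rules = sorted((r for r in rules if r.tier == tier),
                            key=lambda r: r.priority)
        for rule in tier_rules:
            if traffic_class not in rule.traffic:
                continue
            if rule.log:
                logged.append(rule.name)
            if rule.action == "goto_next":
                break                   # fall through to the next tier
            return rule.action, logged  # allow/deny terminates evaluation
    return "deny", logged               # implied deny for unmatched ingress


def build_rules(policy_blocks_external):
    """Constructed rule set mirroring the question: hierarchical delegation,
    a global network policy rule for external traffic, a VPC allow for
    RFC 1918 sources and an explicit, logged VPC deny."""
    both = frozenset({"external", "rfc1918"})
    ext_action = "deny" if policy_blocks_external else "goto_next"
    return [
        Rule("org-delegate", "hierarchical", 1000, "goto_next", both),
        Rule("net-external", "global_network", 100, ext_action,
             frozenset({"external"})),
        Rule("vpc-allow-internal", "vpc", 1000, "allow",
             frozenset({"rfc1918"})),
        Rule("vpc-deny-all", "vpc", 65534, "deny", both, log=True),
    ]
```

With the network policy terminating external traffic, `evaluate` returns a deny with an empty log list (the symptom in the question); once that tier passes the packet on with `goto_next`, the same external traffic reaches `vpc-deny-all` and the log entry appears.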