Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Explanation:

The question requires blocking all SMTP traffic except from the corporate network and allowing it only in specific VPCs. Hierarchical firewall policies are evaluated first, followed by VPC firewall rules. Option C configures an ingress hierarchical rule (priority 10000) allowing corporate SMTP with goto_next, enabling evaluation of subsequent rules. The next hierarchical rule (priority 10010) denies all SMTP. This ensures corporate traffic is evaluated by VPC rules, which explicitly allow SMTP in specific VPCs. The priority order (10010 evaluated first) blocks all traffic, but the goto_next action in the corporate rule allows VPC rules to override for permitted VPCs. This meets the requirement of blocking non-corporate SMTP and allowing it only in specified VPCs.

Explanation:

Comments (0)

No comments yet.

To meet your organization's requirements of blocking all SMTP traffic to your cloud environment except for traffic originating from your corporate network, while restricting SMTP access to only specific VPCs across Google Cloud projects, what configuration steps should you take in the security policy?

Exam-Like

Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action. 2. Configure an egress hierarchical firewall rule with priority 10010 specifying the source of your corporate network as TCP port 25 and the goto_next action. 3. Associate the hierarchical firewall policy at the organization level. 4. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.

16.7%

Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the allow action. 2. Associate the hierarchical firewall policy at the organization level. 3. Configure firewall policy rules to deny TCP port 25 in the firewall policies associated with the respective VPCs that do not require that access.

0.0%

Configure an ingress hierarchical firewall rule with priority 10000 specifying the source of your corporate network, TCP port 25, and the goto_next action. 2. Configure an ingress hierarchical firewall rule with priority 10010 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action. 3. Associate the hierarchical firewall policy at the organization level. 4. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.

Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action. 2. Associate the hierarchical firewall policy at the organization level. 3. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.

25.0%