Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: The traffic is not matching the expected ingress rule.

The issue arises when the external resource initiates communication (ingress traffic to the VM). Firewall logs only capture traffic that matches explicit firewall rules (allow or deny). Since there are no denied entries in the logs, the traffic is likely blocked by the default implicit deny (no matching allow rule), which does not generate logs. The absence of logs indicates the traffic isn't matching any expected ingress rule (e.g., a misconfigured or missing allow rule for the external resource). This explains why the logs don't show denied traffic and why the application cannot receive the external communication.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: The traffic is not matching the expected ingress rule.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

An application running on a Compute Engine VM instance cannot communicate with an external resource outside its subnet. Flow logs and firewall logs show no denied traffic. Troubleshooting reveals:

VPC subnet flow logs are enabled, and all firewall rules are configured to log.

Subnetwork logs are not excluded from Stackdriver.

The application-hosting instance can communicate outside the subnet.

Other instances within the subnet can communicate outside the subnet.

The external resource initiates the communication.

What is the most probable reason for the absence of log entries?

Exam-Like

The traffic is matching the expected ingress rule.

0.0%

The traffic is matching the expected egress rule.

10.0%

The traffic is not matching the expected ingress rule.

60.0%

The traffic is not matching the expected egress rule.

30.0%