To allow SSH access (port 22) to resources in a VPC, you need to create a firewall rule that explicitly permits TCP port 22. The default ingress policy in Google Cloud VPC is to deny all traffic, so a single rule allowing port 22 is sufficient. This approach ensures that SSH is permitted while all other traffic remains blocked by default. Options A and B are incorrect because they suggest creating unnecessary or conflicting rules, such as blocking all traffic with a higher priority, which would override the allow rule. Options B and D are also incorrect because they reference port 3389 (RDP), which is not relevant for SSH access. Therefore, the correct configuration is to create a single firewall rule allowing port 22.