
Answer-first summary for fast verification
Answer: Create an explicit Deny Any rule and enable logging on the new rule.
The issue arises because the implied "deny all ingress" rule that every VPC network carries (priority 65535, the lowest) is not a rule you can edit, and Firewall Rules Logging can only be enabled on rules you create yourself, so traffic dropped by the implied rule never produces a log entry. To capture denied connections, create an explicit ingress rule that denies all protocols and ports, give it a priority that is evaluated after your allow rules (a larger priority number than the allow rules but below 65535, for example 65534; a smaller number would shadow the allow rules and block the HTTP, HTTPS and SSH traffic you intended to permit), and enable logging on that rule. Option D does exactly that. Option A is not possible, because logging cannot be turned on for the implied rule. Option B does not help, because packets the firewall drops never reach the VM and therefore never appear in its logs. Option C only routes log entries that already exist to a destination, and no denied entries are being generated in the first place.
Author: LeetQuiz Editorial Team
You have configured a firewall with rules permitting traffic only on HTTP, HTTPS, and SSH ports. During testing, you attempt to access the server using various ports and protocols, but no denied connections appear in the firewall logs. How should you troubleshoot this issue?
A
Enable logging on the default Deny Any Firewall Rule.
B
Enable logging on the VM Instances that receive traffic.
C
Create a logging sink forwarding all firewall logs with no filters.
D
Create an explicit Deny Any rule and enable logging on the new rule.
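To make the reasoning behind option D concrete, here is an added example (written for this page, not code from Google Cloud or from the question's author) that models how VPC firewall rules are ordered and logged. The model relies on three documented behaviours: numerically lower priority wins and the first match decides; the implied deny-ingress rule sits at priority 65535 and cannot be edited, so logging cannot be enabled on it; logging is only available on user-created rules. The rule names, the probe ports and the shape of the log entries are constructed for the example and are assumptions, not real Cloud Logging records.

```python
"""Model of Google Cloud VPC firewall rule evaluation and Firewall Rules Logging.

Added illustration for this page; not Google Cloud code. Rule names, probe ports
and the log-entry shape are constructed assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

IMPLIED_DENY_PRIORITY = 65535  # lowest possible priority; implied rules live here


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "ALLOW" or "DENY"
    ports: FrozenSet[int]     # empty set means "all ports and protocols"
    priority: int             # 0 = highest, 65535 = lowest
    logging: bool = False
    implied: bool = False     # implied rules are not editable


def implied_deny_ingress() -> Rule:
    """The implied deny-ingress rule every VPC network has. Never logs."""
    return Rule("implied-deny-ingress", "DENY", frozenset(),
                IMPLIED_DENY_PRIORITY, logging=False, implied=True)


def can_enable_logging(rule: Rule) -> bool:
    """Option A in the question: logging can only be turned on for user-created rules."""
    return not rule.implied


def evaluate(rules: List[Rule], port: int) -> Tuple[str, str, Optional[dict]]:
    """Evaluate one inbound TCP connection to `port`.

    Returns (action, matching rule name, log entry or None). The implied deny
    rule is appended so that, as in a real VPC, something always matches.
    """
    for rule in sorted(rules + [implied_deny_ingress()], key=lambda r: r.priority):
        if not rule.ports or port in rule.ports:
            entry = None
            if rule.logging:  # only rules with logging enabled produce entries
                entry = {"rule": rule.name, "disposition": rule.action, "dest_port": port}
            return rule.action, rule.name, entry
    raise AssertionError("unreachable: the implied deny rule matches everything")


def firewall_log(rules: List[Rule], ports: List[int]) -> List[dict]:
    """Collect the log entries a set of probe connections would generate."""
    entries = []
    for port in ports:
        _, _, entry = evaluate(rules, port)
        if entry is not None:
            entries.append(entry)
    return entries


def denied_entries(rules: List[Rule], ports: List[int]) -> List[dict]:
    return [e for e in firewall_log(rules, ports) if e["disposition"] == "DENY"]


# The situation in the question: allow rules for HTTP, HTTPS and SSH only.
ALLOW_RULES = [Rule("allow-web-ssh", "ALLOW", frozenset({22, 80, 443}), 1000, logging=True)]

# Option D: an explicit deny-all rule, evaluated after the allow rules, with logging on.
# Equivalent CLI (assumed network name "default"):
#   gcloud compute firewall-rules create deny-all-ingress-logged --network=default \
#       --direction=INGRESS --action=DENY --rules=all --priority=65534 --enable-logging
EXPLICIT_DENY = Rule("deny-all-ingress-logged", "DENY", frozenset(), 65534, logging=True)

# A common mistake: a deny-all rule with a *smaller* priority number shadows the allow rules.
MISPLACED_DENY = Rule("deny-all-too-high", "DENY", frozenset(), 100, logging=True)

PROBE_PORTS = [22, 80, 443, 3389, 8080]  # constructed test connections


if __name__ == "__main__":
    print("before:", denied_entries(ALLOW_RULES, PROBE_PORTS))
    print("after: ", denied_entries(ALLOW_RULES + [EXPLICIT_DENY], PROBE_PORTS))
    print("misplaced deny blocks port 80:", evaluate(ALLOW_RULES + [MISPLACED_DENY], 80)[0])
```

Running the block shows an empty denied list before the change (ports 3389 and 8080 are dropped by the implied rule, silently) and two DENY entries after the explicit rule is added. The misplaced-deny case is the caveat to keep in mind when picking the priority: a deny-all rule at priority 100 wins over the allow rule at 1000 and blocks HTTP as well.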