
Answer-first summary for fast verification
Answer: Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.
To monitor egress traffic payloads, Packet Mirroring is required: it copies the full packets leaving the mirrored VMs, headers and payload alike, and delivers the copies to a collector. VPC Flow Logs and firewall logging record only connection metadata (addresses, ports, protocol, byte and packet counts, the matching rule and action), and Flow Logs are sampled on top of that, so neither option A nor option B gives the IDS any payload to inspect. The collector for Packet Mirroring is an internal passthrough Network Load Balancer (the product formerly named the internal TCP/UDP load balancer, a Layer 4 load balancer) whose forwarding rule is created with the mirroring-collector flag; the IDS appliance sits behind it as a backend and must be in the same region as the mirrored sources. An internal HTTP(S) load balancer is a Layer 7 proxy and cannot be a Packet Mirroring collector, which rules out option D. Option C is correct: create the internal TCP/UDP load balancer as the collector and add a packet mirroring policy whose filter direction is egress. Two practical checks before relying on this: mirrored packets reach the collector VMs as ordinary ingress and are subject to the VPC firewall, so the collector needs an ingress allow rule or the IDS sees nothing; and every mirrored packet consumes additional egress bandwidth on the source VMs and is charged per GB mirrored, so scope the policy to the subnets, tags or instances the security policy actually covers.
Author: LeetQuiz Editorial Team
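The setup that option C describes, as an added example that is not part of the original page: a script of gcloud commands that creates the collector load balancer, the forwarding rule carrying the mirroring-collector flag, the ingress firewall rule the collector needs, and an egress-only mirroring policy for us-west2. The network, subnet, instance group and tag names are assumed placeholders. By default the script only prints the commands (DRY_RUN=1); run it with DRY_RUN=0 in an authenticated gcloud session to apply them.

```shell
#!/usr/bin/env bash
# Added example: Packet Mirroring collector (internal passthrough Network Load
# Balancer, formerly "internal TCP/UDP load balancer") plus an egress-only
# mirroring policy. All resource names below are assumed placeholders.
set -eu

REGION="us-west2"
ZONE="us-west2-a"
NETWORK="prod-vpc"              # assumed VPC name
SUBNET="prod-subnet-usw2"       # assumed subnet holding the monitored VMs
IDS_IG="ids-collector-ig"       # assumed instance group containing the IDS appliance
IDS_TAG="ids-collector"         # assumed network tag on the IDS VM(s)
MIRRORED_CIDR="10.20.0.0/20"    # assumed primary range of $SUBNET

# DRY_RUN=1 (default) prints each gcloud command; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Regional health check and INTERNAL backend service fronting the IDS group.
create_collector_backend() {
  run gcloud compute health-checks create tcp ids-hc --region="$REGION" --port=22
  run gcloud compute backend-services create ids-collector-bes \
      --region="$REGION" --load-balancing-scheme=internal --protocol=TCP \
      --network="$NETWORK" --health-checks=ids-hc --health-checks-region="$REGION"
  run gcloud compute backend-services add-backend ids-collector-bes \
      --region="$REGION" --instance-group="$IDS_IG" --instance-group-zone="$ZONE"
}

# 2. The forwarding rule is what turns the ILB into a Packet Mirroring collector:
#    --is-mirroring-collector is only accepted on an internal (Layer 4) rule,
#    which is why an HTTP(S) load balancer cannot play this role.
create_collector_forwarding_rule() {
  run gcloud compute forwarding-rules create ids-collector-fr \
      --region="$REGION" --load-balancing-scheme=internal \
      --network="$NETWORK" --subnet="$SUBNET" \
      --ip-protocol=TCP --ports=all \
      --backend-service=ids-collector-bes --is-mirroring-collector
}

# 3. Mirrored copies arrive at the IDS as normal ingress and are firewalled.
#    For an egress-only policy the copies keep the mirrored VM's internal
#    source IP, so the mirrored subnet range is a sufficient source.
create_collector_firewall_rule() {
  run gcloud compute firewall-rules create allow-mirrored-to-ids \
      --network="$NETWORK" --direction=INGRESS --action=ALLOW --rules=all \
      --source-ranges="$MIRRORED_CIDR" --target-tags="$IDS_TAG"
}

# 4. Egress-only policy: every VM in the subnet is a mirrored source, the
#    collector ILB receives the copies. Filters are allow-lists; for egress the
#    CIDR filter matches destinations, so 0.0.0.0/0 keeps every egress packet.
create_egress_mirroring_policy() {
  run gcloud compute packet-mirrorings create usw2-egress-to-ids \
      --region="$REGION" --network="$NETWORK" \
      --mirrored-subnets="$SUBNET" \
      --collector-ilb=ids-collector-fr \
      --filter-direction=egress \
      --filter-protocols=tcp,udp,icmp \
      --filter-cidr-ranges=0.0.0.0/0
}

main() {
  create_collector_backend
  create_collector_forwarding_rule
  create_collector_firewall_rule
  create_egress_mirroring_policy
}

main
```

Keep the IDS appliance in a subnet that is not listed in the policy, otherwise its own egress (alert forwarding, updates) is mirrored back to it as noise; and remember that the mirrored traffic is copied, not diverted, so the IDS is a passive observer and cannot block the flows it inspects.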
To comply with your organization's security policy requiring monitoring of all egress traffic payloads from virtual machines in the us-west2 region, you have deployed an intrusion detection system (IDS) virtual appliance in the same region. How should you configure the environment to ensure the IDS monitors all egress traffic payloads from us-west2?
A
Enable firewall logging, and forward all filtered egress firewall logs to the IDS.
B
Enable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.
C
Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.
D
Create an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.