In your Google Cloud organization, you have two folders: Dev and Prod. You need a scalable and cost-effective method to uniformly enforce the following firewall rules across all virtual machines (VMs):
• Allow traffic on port 8080 for all VMs in projects under the Dev folder.
• Block all traffic to port 8080 for all VMs in projects under the Prod folder.
What is the recommended approach to achieve this?
Explanation:
The correct approach is to use Hierarchical Firewall Policies for scalable and consistent enforcement of firewall rules across projects within the Dev and Prod folders. This method allows you to define rules at the folder level, which automatically apply to all projects within those folders, ensuring minimal manual configuration and cost. Option A correctly implements this by creating and associating separate firewall policies with the Dev and Prod folders, specifying the required rules for port 8080. This approach is both efficient and effective for managing firewall rules at scale within Google Cloud.