In your Google Cloud organization, you have two folders: Dev and Prod. You need a scalable and cost-effective method to uniformly enforce the following firewall rules across all virtual machines (VMs):

• Allow traffic on port 8080 for all VMs in projects under the Dev folder.
• Block all traffic to port 8080 for all VMs in projects under the Prod folder.

What is the recommended approach to achieve this?

Exam-Like

Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.

75.0%

Create a Shared VPC for the Dev projects and a Shared VPC for the Prod projects. Create a VPC firewall rule to open port 8080 in the Shared VPC for Dev. Create a firewall rule to deny traffic to port 8080 in the Shared VPC for Prod. Deploy VMs to those Shared VPCs.

0.0%

In all VPCs for the Dev projects, create a VPC firewall rule to open port 8080. In all VPCs for the Prod projects, create a VPC firewall rule to deny traffic to port 8080.

25.0%

Use Anthos Config Connector to enforce a security policy to open port 8080 on the Dev VMs and deny traffic to port 8080 on the Prod VMs.

0.0%

Google Professional Cloud Network Engineer

Get started today

Comments