
Answer-first summary for fast verification
Answer: Enable logging on the firewall rule.
The goal is to log each client IP address accessing the API with the fewest steps. The internal TCP/UDP load balancer (L4) does not preserve client IPs in traffic to backend instances, so solutions capturing traffic at the instance level (e.g., Ops Agent, instance firewall logs) would log the load balancer's IP instead. Enabling logging on the firewall rule that allows access to the API port (from 0.0.0.0/0) logs connections directly from clients to the load balancer, capturing the client IP. This is a single configuration change with no sampling, unlike VPC Flow Logs. Options A and B involve more steps and complexity, and Option D may not log every access due to sampling.
Author: LeetQuiz Editorial Team
You are managing a Compute Engine application with a custom HTTP server that exposes an API, accessed through an internal TCP/UDP load balancer. A firewall rule permits access to the API port from 0.0.0.0/0. You need to log each IP address that accesses the API in Cloud Logging with minimal steps. What is the first action you should take?
A. Enable Packet Mirroring on the VPC.
B. Install the Ops Agent on the Compute Engine instances.
C. Enable logging on the firewall rule.
D. Enable VPC Flow Logs on the subnet.