Google Professional Cloud DevOps Engineer

Get started today

Ultimate access to all questions.

Explanation:

The goal is to capture network traffic for analyzing a suspected malicious process in the production frontend servers. VPC Flow Logs are ideal for monitoring traffic. Key considerations:

Targeted Scope: The malicious activity is confined to the production environment. Enabling logs in the testing environment (options C and D) is unnecessary and adds cost/complexity without benefit.
Sampling Rate: Intermittent malicious traffic requires a high sampling rate to avoid missing data. A sample volume scale of 1.0 (100% sampling) in option B ensures all traffic is captured, unlike 0.5 (50% sampling) in options A and C, which risks missing intermittent communications.
Urgency: Testing changes in a non-production environment (options C and D) delays capturing the malicious traffic in production, which is critical for real-time analysis. VPC Flow Logs are non-disruptive, so applying directly to production is safe and efficient.
Subnet Focus: The logs should cover both frontend and backend subnets in production, as the malicious process might communicate across subnets. Options A and B correctly limit logs to production subnets.

Thus, option B is optimal: enabling VPC Flow Logs only on the production VPC's frontend and backend subnets with 100% sampling ensures comprehensive, timely capture of traffic for analysis.

Explanation:

The goal is to capture network traffic for analyzing a suspected malicious process in the production frontend servers. VPC Flow Logs are ideal for monitoring traffic. Key considerations:

Targeted Scope: The malicious activity is confined to the production environment. Enabling logs in the testing environment (options C and D) is unnecessary and adds cost/complexity without benefit.
Sampling Rate: Intermittent malicious traffic requires a high sampling rate to avoid missing data. A sample volume scale of 1.0 (100% sampling) in option B ensures all traffic is captured, unlike 0.5 (50% sampling) in options A and C, which risks missing intermittent communications.
Urgency: Testing changes in a non-production environment (options C and D) delays capturing the malicious traffic in production, which is critical for real-time analysis. VPC Flow Logs are non-disruptive, so applying directly to production is safe and efficient.
Subnet Focus: The logs should cover both frontend and backend subnets in production, as the malicious process might communicate across subnets. Options A and B correctly limit logs to production subnets.

Thus, option B is optimal: enabling VPC Flow Logs only on the production VPC's frontend and backend subnets with 100% sampling ensures comprehensive, timely capture of traffic for analysis.

Comments (0)

No comments yet.

You are running a real-time gaming application on Compute Engine with separate production and testing environments, each having its own Virtual Private Cloud (VPC) network. The application's frontend and backend servers are in different subnets within each environment's VPC. You suspect a malicious process is intermittently communicating from your production frontend servers and need to capture network traffic for analysis. What should you do?

Exam-Like

Last updated: April 2, 2026 at 14:03

Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 0.5.

25.0%

Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 1.0.

25.0%

Enable VPC Flow Logs on the testing and production VPC network frontend and backend subnets with a volume scale of 0.5. Apply changes in testing before production.