
Answer-first summary for fast verification
Answer: Enable VPC Flow Logs in the subnets hosting the instances to sample network traffic.
Option A is correct because VPC Flow Logs are designed to sample network flows to and from VM instances, including those used as GKE nodes, aiding in network monitoring, security analysis, and cost optimization. Options B and C are steps that either follow the enabling of VPC Flow Logs or focus on firewall-specific traffic, not general network flows. Option D is unrelated to network traffic sampling, focusing instead on application and OS logs. Reference: [Google Cloud VPC Flow Logs Documentation](https://cloud.google.com/vpc/docs/using-flow-logs).
Author: LeetQuiz Editorial Team
Your company has deployed compute resources in VPCs within the Development Project, with applications running on GCE Instances across three VPCs. A new security mandate requires sampling network flows to and from these VM instances. Which solution best meets this requirement?
A. Enable VPC Flow Logs in the subnets hosting the instances to sample network traffic.
B. Configure a Logs Sink with an inclusion filter to sample VPC traffic, post enabling VPC Flow Logs.
C. Activate Firewall logs for rules impacting instances in the VPCs to capture allowed or denied traffic.
D. Install the FluentD agent on instances for forwarding application logs to Cloud Logging, unrelated to network traffic.