
Answer-first summary for fast verification
Answer: Implement a firewall rule blocking ingress traffic on Port 22 from any source to the VPC network and enable logging.
The correct solution is to create a firewall rule that denies ingress (incoming) traffic on port 22 (SSH) and to turn on logging for that rule, so that the connections it denies are recorded in Cloud Logging. The other options are incorrect because an allow rule contradicts the requirement to log failed attempts, and the requirement concerns ingress (incoming) traffic, not egress (outgoing). For more details, refer to the Firewall Rules Logging documentation.
Author: LeetQuiz Editorial Team
As the on-call Site Reliability Engineer (SRE) for a growing media company, you're responsible for an application deployed on Compute Engine within a custom VPC. This application handles user traffic globally via HTTPS. Your task is to log all failed incoming SSH traffic to the Google Compute Engine (GCE) instances. What is the correct approach to achieve this?
A. Establish a firewall rule permitting egress traffic on Port 22 from any source to the VPC network and enable logging.
B. Implement a firewall rule blocking ingress traffic on Port 22 from any source to the VPC network and enable logging.
C. Set up a firewall rule allowing ingress traffic on Port 22 from any source to the VPC network and enable logging.
D. Create a firewall rule prohibiting egress traffic on Port 22 from any source to the VPC network and enable logging.