
Answer-first summary for fast verification
Answer: Implement a firewall rule to deny ingress traffic on Port 22 from any source to the VPC network and turn on logging.
The correct solution is to create a firewall rule that denies ingress (incoming) traffic on port 22 (SSH) and to enable logging on that rule so the denied connections are captured in Cloud Logging. The other options are incorrect because the rule must deny the traffic rather than permit it, and it must target ingress (incoming) traffic rather than egress (outgoing). For more details, refer to the Firewall Rules Logging documentation.
Author: LeetQuiz Editorial Team
Imagine you're the on-call Site Reliability Engineer (SRE) for a rapidly expanding media company. Your application, hosted on Compute Engine within a custom VPC, handles user traffic globally via HTTPS. Your new challenge is to log all unsuccessful SSH attempts to the GCE instances. What's the best approach to accomplish this?
A. Establish a firewall rule to block egress traffic on Port 22 from any source to the VPC network and enable logging.
B. Set up a firewall rule to permit ingress traffic on Port 22 from any source to the VPC network and activate logging.
C. Implement a firewall rule to deny ingress traffic on Port 22 from any source to the VPC network and turn on logging.
D. Create a firewall rule to allow egress traffic on Port 22 from any source to the VPC network and enable logging.
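Added example, not part of the original quiz or of Google's documentation: once the deny-ingress rule from answer C has logging enabled, each blocked connection is written as a Firewall Rules Logging record, and the Python below tallies denied SSH attempts per source IP from exported entries. The project, network and rule names and all log lines are constructed, and it assumes rule metadata (`rule_details`) is included in the records.

```python
import json
from collections import Counter

FIREWALL_LOG_SUFFIX = "/logs/compute.googleapis.com%2Ffirewall"

# Constructed entries (not real traffic); names and IPs are placeholders.
SAMPLE_ENTRIES = """
{"logName":"projects/example-project/logs/compute.googleapis.com%2Ffirewall","jsonPayload":{"disposition":"DENIED","connection":{"src_ip":"203.0.113.7","dest_ip":"10.0.0.5","dest_port":22,"protocol":6},"rule_details":{"reference":"network:custom-vpc/firewall:deny-ssh-ingress","direction":"INGRESS"}}}
{"logName":"projects/example-project/logs/compute.googleapis.com%2Ffirewall","jsonPayload":{"disposition":"DENIED","connection":{"src_ip":"203.0.113.7","dest_ip":"10.0.0.6","dest_port":22,"protocol":6},"rule_details":{"reference":"network:custom-vpc/firewall:deny-ssh-ingress","direction":"INGRESS"}}}
{"logName":"projects/example-project/logs/compute.googleapis.com%2Ffirewall","jsonPayload":{"disposition":"DENIED","connection":{"src_ip":"198.51.100.9","dest_ip":"10.0.0.5","dest_port":"22","protocol":"6"},"rule_details":{"reference":"network:custom-vpc/firewall:deny-ssh-ingress","direction":"INGRESS"}}}
{"logName":"projects/example-project/logs/compute.googleapis.com%2Ffirewall","jsonPayload":{"disposition":"ALLOWED","connection":{"src_ip":"192.0.2.44","dest_ip":"10.0.0.5","dest_port":443,"protocol":6},"rule_details":{"reference":"network:custom-vpc/firewall:allow-https","direction":"INGRESS"}}}
{"logName":"projects/example-project/logs/compute.googleapis.com%2Ffirewall","jsonPayload":{"disposition":"DENIED","connection":{"src_ip":"192.0.2.80","dest_ip":"10.0.0.5","dest_port":3389,"protocol":6},"rule_details":{"reference":"network:custom-vpc/firewall:deny-rdp-ingress","direction":"INGRESS"}}}
{"logName":"projects/example-project/logs/syslog","jsonPayload":{"message":"unrelated entry"}}
{"logName": "truncated
"""

def _as_int(value, default=-1):
    """Exports may render numeric fields as numbers or as strings."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default

def denied_ssh_attempts(lines):
    """Count firewall-denied ingress TCP/22 connections per source IP."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not entry.get("logName", "").endswith(FIREWALL_LOG_SUFFIX):
            continue  # only firewall rule log records are relevant
        payload = entry.get("jsonPayload", {})
        conn = payload.get("connection", {})
        rule = payload.get("rule_details", {})
        if (payload.get("disposition") == "DENIED"
                and rule.get("direction") == "INGRESS"
                and _as_int(conn.get("protocol")) == 6      # TCP
                and _as_int(conn.get("dest_port")) == 22):  # SSH
            counts[conn.get("src_ip", "unknown")] += 1
    return counts

if __name__ == "__main__":
    for ip, n in denied_ssh_attempts(SAMPLE_ENTRIES.splitlines()).most_common():
        print(f"{ip}\t{n} denied SSH connection(s)")
```

These records reflect connections the firewall rule blocked; they say nothing about authentication failures on a host that accepted the connection.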