
Answer-first summary for fast verification
Answer: Create a firewall rule that allows ingress traffic on Port 22 from the company network to the VPC network and enable logging.
Option C is correct: it creates a firewall rule that permits ingress (incoming) traffic on port 22 (SSH) and enables logging, so the connections are recorded in Cloud Logging. Option A is incorrect because the firewall should allow, not deny, ingress (incoming) traffic. Options B and D are incorrect because the rule must apply to ingress (incoming) traffic, not egress (outgoing). For more details, refer to [Google Cloud's documentation on firewall rules logging](https://cloud.google.com/vpc/docs/firewall-rules-logging).
Author: LeetQuiz Editorial Team
As the on-call Site Reliability Engineer (SRE) for a betting company, you're responsible for an application deployed on the App Engine flexible environment within a custom VPC. This application accepts user traffic globally via HTTPS. Your task is to log all successful incoming SSH traffic to the Google Compute Engine (GCE) instances originating from the company's network. How would you accomplish this?
A. Create a firewall rule that denies ingress traffic on Port 22 from the company network to the VPC network and enable logging.
B. Create a firewall rule that allows egress traffic on Port 22 from the company network to the VPC network and enable logging.
C. Create a firewall rule that allows ingress traffic on Port 22 from the company network to the VPC network and enable logging.
D. Create a firewall rule that denies egress traffic on Port 22 from the company network to the VPC network and enable logging.
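
The rule from option C, written out with gcloud as an added example (not part of the original question or of Google's documentation). The rule name, network name and source range are placeholder assumptions, and the log filter assumes the field names of the Firewall Rules Logging record format.

```shell
# Added example. NETWORK, RULE and CORP_CIDR are placeholders (assumptions),
# not values from the question; 203.0.113.0/24 is a documentation range.
NETWORK="${NETWORK:-custom-vpc}"
RULE="${RULE:-allow-ssh-from-corp}"
CORP_CIDR="${CORP_CIDR:-203.0.113.0/24}"

# Option C: ALLOW + INGRESS + tcp:22 from the company range, with logging on.
create_ssh_log_rule() {
  # Guard: the source must be the company range, never an open /0 range.
  case "$CORP_CIDR" in
    ""|*/0) echo "refusing open source range: '$CORP_CIDR'" >&2; return 1 ;;
  esac
  gcloud compute firewall-rules create "$RULE" \
    --network="$NETWORK" \
    --direction=INGRESS \
    --action=ALLOW \
    --rules=tcp:22 \
    --source-ranges="$CORP_CIDR" \
    --enable-logging
}

# Report whether logging is enabled on the rule (logConfig.enable).
check_logging_enabled() {
  gcloud compute firewall-rules describe "$RULE" \
    --format='value(logConfig.enable)'
}

# Read the connection records this rule wrote to Cloud Logging.
# Only ALLOWED dispositions are requested: these are the successful SSH
# connections the question asks for.
read_allowed_ssh() {
  gcloud logging read \
    "logName:\"compute.googleapis.com%2Ffirewall\" AND jsonPayload.rule_details.reference:\"firewall:$RULE\" AND jsonPayload.disposition=\"ALLOWED\"" \
    --limit=20 --format=json
}
```

Run `create_ssh_log_rule` once, then `check_logging_enabled` and `read_allowed_ssh` after an SSH connection from the company range has been made.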