
Answer-first summary for fast verification
Answer: Enable VPC Flow Logs in the subnets hosting the instances to sample network traffic.
Option A is correct because VPC Flow Logs capture a sample of network flows to and from VM instances, including GKE nodes, aiding in network monitoring, security analysis, and cost optimization. Option B is incorrect as FluentD is for application and OS logs, not VPC network traffic. Option C is not viable without first enabling VPC Flow Logs. Option D is unsuitable as it only logs traffic allowed or denied by specific firewall rules, not general network flows. Reference: [Google Cloud VPC Flow Logs Documentation](https://cloud.google.com/vpc/docs/using-flow-logs).
Author: LeetQuiz Editorial Team
Your company has deployed compute resources in VPCs within the Development Project, with applications running on GCE Instances across three VPCs. A new security mandate requires sampling network flows to and from these VM instances. Which solution meets this requirement?
A. Enable VPC Flow Logs in the subnets hosting the instances to sample network traffic.
B. Configure the FluentD agent on instances for forwarding application logs to Cloud Logging.
C. Set up a Logs Sink with an inclusion filter to sample VPC traffic.
D. Activate Firewall logs for firewall rules impacting the VPC-deployed instances.