
Answer-first summary for fast verification
Answer: Enable VPC Flow Logs in the subnets hosting the instances to sample network traffic.
Option A is correct because VPC Flow Logs capture a sample of network flows to and from VM instances, including GKE nodes, aiding in network monitoring, security analysis, and cost optimization. Option B is incorrect as FluentD is for application and OS logs, not VPC network traffic. Option C is not viable without first enabling VPC Flow Logs. Option D is unsuitable as it only logs traffic allowed or denied by specific firewall rules, not general network flows. Reference: [Google Cloud VPC Flow Logs Documentation](https://cloud.google.com/vpc/docs/using-flow-logs).
Author: LeetQuiz Editorial Team
Your company has deployed compute resources in VPCs within the Development Project, with applications running on GCE Instances across three VPCs. A new security mandate requires sampling network flows to and from these VM instances. Which solution meets this requirement?
A. Enable VPC Flow Logs in the subnets hosting the instances to sample network traffic.
B. Configure the FluentD agent on instances for forwarding application logs to Cloud Logging.
C. Set up a Logs Sink with an inclusion filter to sample VPC traffic.
D. Activate Firewall logs for firewall rules impacting the VPC-deployed instances.