
Answer-first summary for fast verification
Answer: Create a firewall rule that denies ingress traffic on Port 22 from anywhere to the VPC network and enable logging.
The correct approach involves creating a firewall rule that denies ingress (incoming) traffic on port 22 (SSH) and enabling logging to capture these events in Cloud Logging. Option C is incorrect because allowing ingress traffic contradicts the requirement to log failed attempts. Options B and D are incorrect as they focus on egress (outgoing) traffic, which is irrelevant to the task of logging failed incoming SSH attempts. For more details, refer to [Google Cloud's documentation on firewall rules logging](https://cloud.google.com/vpc/docs/firewall-rules-logging).
Author: LeetQuiz Editorial Team
As the on-call Site Reliability Engineer (SRE) for a growing media company, you're responsible for an application deployed on Compute Engine within a custom VPC. This application accepts user traffic globally via HTTPS. Your task is to log all failed incoming SSH traffic to the GCE instances. What is the best approach to achieve this?
A. Create a firewall rule that denies ingress traffic on Port 22 from anywhere to the VPC network and enable logging.
B. Create a firewall rule that allows egress traffic on Port 22 from anywhere to the VPC network and enable logging.
C. Create a firewall rule that allows ingress traffic on Port 22 from anywhere to the VPC network and enable logging.
D. Create a firewall rule that denies egress traffic on Port 22 from anywhere to the VPC network and enable logging.
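
An added illustration, not part of the original quiz page: once the deny rule from option A has logging enabled, each blocked connection shows up in Cloud Logging as a firewall log record. The sketch below picks the failed inbound SSH attempts out of constructed sample records; the VM names, rule names and addresses are made up, and the field names assume the Firewall Rules Logging record format.

```python
import json
from collections import Counter

# Constructed sample records shaped like Firewall Rules Logging entries
# (log name ends in compute.googleapis.com%2Ffirewall). All values are made up.
SAMPLE_LOG_LINES = [
    '{"jsonPayload": {"connection": {"src_ip": "203.0.113.7", "src_port": 50122, "dest_ip": "10.0.0.5", "dest_port": 22, "protocol": 6}, "disposition": "DENIED", "instance": {"vm_name": "web-1"}, "rule_details": {"reference": "network:custom-vpc/firewall:deny-ssh-ingress", "direction": "INGRESS", "action": "DENY"}}}',
    '{"jsonPayload": {"connection": {"src_ip": "203.0.113.7", "src_port": 50123, "dest_ip": "10.0.0.5", "dest_port": 22, "protocol": 6}, "disposition": "DENIED", "instance": {"vm_name": "web-1"}, "rule_details": {"reference": "network:custom-vpc/firewall:deny-ssh-ingress", "direction": "INGRESS", "action": "DENY"}}}',
    '{"jsonPayload": {"connection": {"src_ip": "198.51.100.9", "src_port": 41000, "dest_ip": "10.0.0.6", "dest_port": 22, "protocol": 6}, "disposition": "DENIED", "instance": {"vm_name": "web-2"}, "rule_details": {"reference": "network:custom-vpc/firewall:deny-ssh-ingress", "direction": "INGRESS", "action": "DENY"}}}',
    # Allowed HTTPS traffic: logged by a different rule, not a failed SSH attempt.
    '{"jsonPayload": {"connection": {"src_ip": "192.0.2.44", "src_port": 53000, "dest_ip": "10.0.0.5", "dest_port": 443, "protocol": 6}, "disposition": "ALLOWED", "instance": {"vm_name": "web-1"}, "rule_details": {"reference": "network:custom-vpc/firewall:allow-https", "direction": "INGRESS", "action": "ALLOW"}}}',
    # What an allow rule on port 22 (option C) would log: ALLOWED, so no failures recorded.
    '{"jsonPayload": {"connection": {"src_ip": "192.0.2.80", "src_port": 40222, "dest_ip": "10.0.0.6", "dest_port": 22, "protocol": 6}, "disposition": "ALLOWED", "instance": {"vm_name": "web-2"}, "rule_details": {"reference": "network:custom-vpc/firewall:allow-ssh-ingress", "direction": "INGRESS", "action": "ALLOW"}}}',
    # What an egress deny rule (option D) would log: outbound traffic leaving the VM.
    '{"jsonPayload": {"connection": {"src_ip": "10.0.0.5", "src_port": 39000, "dest_ip": "198.51.100.20", "dest_port": 22, "protocol": 6}, "disposition": "DENIED", "instance": {"vm_name": "web-1"}, "rule_details": {"reference": "network:custom-vpc/firewall:deny-ssh-egress", "direction": "EGRESS", "action": "DENY"}}}',
    'truncated or non-JSON line',
]

TCP = 6  # IANA protocol number carried in connection.protocol


def denied_ssh_ingress(lines):
    """Yield (src_ip, vm_name) for every denied inbound TCP/22 connection."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export lines instead of aborting
        if not isinstance(entry, dict):
            continue
        payload = entry.get("jsonPayload", {})
        conn = payload.get("connection", {})
        rule = payload.get("rule_details", {})
        if (payload.get("disposition") == "DENIED"
                and rule.get("direction") == "INGRESS"
                and conn.get("protocol") == TCP
                and conn.get("dest_port") == 22):
            yield conn.get("src_ip"), payload.get("instance", {}).get("vm_name")


def summarize(lines):
    """Count failed SSH attempts per (source IP, target VM)."""
    return Counter(denied_ssh_ingress(lines))


if __name__ == "__main__":
    for (src, vm), n in summarize(SAMPLE_LOG_LINES).most_common():
        print(f"{src} -> {vm}: {n} denied SSH attempt(s)")
```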