
Answer-first summary for fast verification
Answer: Create two firewall rules:

1. Ingress: Target instances with tier#2 service account, Source: instances with tier#1 service account, Protocols: TCP 8080
2. Ingress: Target instances with tier#3 service account, Source: instances with tier#2 service account, Protocols: TCP 8080

- Option A is incorrect because it applies firewall rules to all instances indiscriminately, not just between the specified tiers, and allows all protocols instead of restricting to TCP on port 8080.
- Option B is correct because it precisely targets communication between the specified tiers using their service accounts and restricts the protocol to TCP on port 8080, ensuring secure and specific communication paths.
- Option C is incorrect as it allows all protocols between instances, which is not secure and does not meet the requirement of restricting communication to TCP on port 8080.
- Option D is incorrect because it uses egress rules and IP ranges instead of service account filters, which are not suitable for controlling inbound traffic between the tiers.

For more information, refer to:

- [Google Cloud VPC Firewalls](https://cloud.google.com/vpc/docs/firewalls)
- [Using Firewalls in Google Cloud VPC](https://cloud.google.com/vpc/docs/using-firewalls)
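
The two rules from the answer above, written as `gcloud` commands (an added example, not part of the original page). The project, network, rule names and service account addresses are placeholder assumptions, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. Placeholders (assumptions, not from the page):
# PROJECT, NETWORK, the rule names and the three service account addresses.
PROJECT="${PROJECT:-example-project}"
NETWORK="${NETWORK:-example-vpc}"
TIER1_SA="tier1-sa@${PROJECT}.iam.gserviceaccount.com"
TIER2_SA="tier2-sa@${PROJECT}.iam.gserviceaccount.com"
TIER3_SA="tier3-sa@${PROJECT}.iam.gserviceaccount.com"

# Print (or, with APPLY=1, execute) one ingress allow rule named $1:
# traffic from instances running as $2 to instances running as $3, TCP 8080 only.
tier_rule() {
  set -- gcloud compute firewall-rules create "$1" \
    --project="$PROJECT" --network="$NETWORK" \
    --direction=INGRESS --action=ALLOW --rules=tcp:8080 \
    --source-service-accounts="$2" \
    --target-service-accounts="$3"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Rule 1: tier 1 -> tier 2. Rule 2: tier 2 -> tier 3.
# No rule pairs tier 1 as source with tier 3 as target, so that path
# stays blocked by the VPC's implied deny-ingress rule.
build_rules() {
  tier_rule allow-tier1-to-tier2-8080 "$TIER1_SA" "$TIER2_SA"
  tier_rule allow-tier2-to-tier3-8080 "$TIER2_SA" "$TIER3_SA"
}

build_rules
```

Review the printed commands, then rerun with `APPLY=1` to create the rules.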
Author: LeetQuiz Editorial Team
Your freight tracking application is deployed as a three-tier app on Compute Engine. The current infrastructure is configured with different service accounts for each tier, and communication between tiers occurs on port 8080. You need to modify the network setup to ensure:
A
Create two firewall rules:
B
Create two firewall rules:
C
Create two firewall rules:
D
Create two firewall rules: