
Answer-first summary for fast verification
Answer: 1. Implement a low-priority rule (65534) to block all egress traffic. 2. Add a high-priority rule (1000) to allow only the necessary ports.
Option A is correct. VPC firewall rules are evaluated in priority order, where 0 is the highest priority and 65535 the lowest, and the first matching rule decides. Every VPC also carries an implied allow-all egress rule at priority 65535 that cannot be deleted, so egress is wide open until a higher-priority rule overrides it. A deny-all egress rule at 65534 sits just above that implied rule and flips the default to deny; an allow rule at 1000 then opens only the ports the application needs, which is the smallest egress surface that still works. Option B is incorrect because a VPC firewall rule has exactly one direction, ingress or egress; no single rule manages both. Option C is flawed because a deny-all egress rule at priority 1000 is matched before any lower-priority (higher-numbered) allow rules, so no egress traffic would be permitted at all. Option D leaves the implied allow-all egress rule in effect, so every port the allow rule does not name stays open. For more details, refer to [Google Cloud's firewall documentation](https://cloud.google.com/vpc/docs/firewalls).
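The explanation above rests on how VPC firewall rules are evaluated: lowest priority number wins, deny beats allow at equal priority, a rule has one direction, and an implied allow-all egress rule sits at 65535. The following added example (not Google's code and not part of the original quiz) models that evaluation and runs the rule sets from options A, C and D against a few constructed egress flows, so the difference between the options can be checked rather than asserted. The rule names, the allowed ports (tcp/443 and tcp/3306) and the sample flows are assumptions chosen for illustration.

```python
"""Model of Google Cloud VPC firewall evaluation for egress traffic.

Added example, not Google's code. Semantics follow the public VPC firewall
documentation: rules are checked in priority order (0 is highest, 65535 is
lowest); the first match decides; among matching rules of equal priority a
deny beats an allow; every VPC has an implied allow-all egress rule and an
implied deny-all ingress rule, both at priority 65535. Rule names, ports
and sample flows below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str       # "INGRESS" or "EGRESS": a VPC rule has exactly one direction
    priority: int        # 0..65535, lower number = higher priority
    action: str          # "allow" or "deny"
    protocol: str        # "tcp", "udp" or "all"
    ports: frozenset     # empty set means every port of that protocol

    def matches(self, direction: str, protocol: str, port: int) -> bool:
        if self.direction != direction:
            return False
        if self.protocol != "all" and self.protocol != protocol:
            return False
        if self.ports and port not in self.ports:
            return False
        return True


# Implied rules present in every VPC network; they cannot be deleted but can
# be overridden by any rule with a lower (i.e. higher-priority) number.
IMPLIED_ALLOW_EGRESS = Rule("implied-allow-egress", "EGRESS", 65535, "allow", "all", frozenset())
IMPLIED_DENY_INGRESS = Rule("implied-deny-ingress", "INGRESS", 65535, "deny", "all", frozenset())


def evaluate(rules, direction: str, protocol: str, port: int):
    """Return (action, winning_rule_name) for one flow."""
    candidates = [
        r for r in list(rules) + [IMPLIED_ALLOW_EGRESS, IMPLIED_DENY_INGRESS]
        if r.matches(direction, protocol, port)
    ]
    # Lowest priority number first; at equal priority, deny sorts before allow.
    candidates.sort(key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    winner = candidates[0]  # the implied rules guarantee at least one match
    return winner.action, winner.name


# Constructed: the ports the banking app is assumed to need outbound.
NEEDED = frozenset({443, 3306})

# Option A: deny everything just above the implied rule, allow the needed ports above that.
OPTION_A = [
    Rule("deny-all-egress", "EGRESS", 65534, "deny", "all", frozenset()),
    Rule("allow-needed-egress", "EGRESS", 1000, "allow", "tcp", NEEDED),
]
# Option C: priorities inverted, so the deny is matched before the allow.
OPTION_C = [
    Rule("deny-all-egress", "EGRESS", 1000, "deny", "all", frozenset()),
    Rule("allow-needed-egress", "EGRESS", 65534, "allow", "tcp", NEEDED),
]
# Option D: allow only, so the implied allow-all egress rule still applies.
OPTION_D = [
    Rule("allow-needed-egress", "EGRESS", 1000, "allow", "tcp", NEEDED),
]

# Constructed sample egress flows: two needed, two that should be blocked.
FLOWS = [("tcp", 443), ("tcp", 3306), ("tcp", 25), ("udp", 53)]


def egress_decisions(rules, flows):
    """Map each (protocol, port) egress flow to the action the rule set takes."""
    return {flow: evaluate(rules, "EGRESS", *flow)[0] for flow in flows}


if __name__ == "__main__":
    for label, rules in (("A", OPTION_A), ("C", OPTION_C), ("D", OPTION_D)):
        print(f"Option {label}:", egress_decisions(rules, FLOWS))
```

Running it shows option A allowing only tcp/443 and tcp/3306, option C denying every flow, and option D allowing every flow because the implied allow-all egress rule at 65535 is never overridden. The equivalent gcloud commands for option A use the standard flags `gcloud compute firewall-rules create deny-all-egress --network NETWORK --direction EGRESS --priority 65534 --action DENY --rules all --destination-ranges 0.0.0.0/0` and `gcloud compute firewall-rules create allow-needed-egress --network NETWORK --direction EGRESS --priority 1000 --action ALLOW --rules tcp:443,tcp:3306 --destination-ranges 0.0.0.0/0`, with the network name and port list being placeholders; in practice the allow rule would also be narrowed with `--target-tags` or a service account and a tighter destination range.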
Author: LeetQuiz Editorial Team
You are setting up a highly sensitive banking security web application on Compute Engine within a new VPC, protected by a firewall. Your goal is to minimize the number of open egress ports to control data egress effectively. What is the best approach?
A
Create a low-priority rule (65534) to block all egress traffic, and a high-priority rule (1000) to allow only the necessary ports.
B
Create a high-priority rule (1000) that manages both ingress and egress ports.
C
Create a high-priority rule (1000) to block all egress traffic, and a low-priority rule (65534) to allow the necessary ports.
D
Apply a high-priority rule (1000) to allow the necessary ports.