
Question:
You are setting up a highly sensitive banking security web application on Compute Engine within a new VPC, protected by a firewall. Your goal is to minimize the number of open egress ports to control data egress effectively. What is the best approach?

A.
B. Create a high-priority rule (1000) that manages both ingress and egress ports.
C.
D. Apply a high-priority rule (1000) to allow the necessary ports.

Explanation:
Option A is correct because it blocks all egress traffic by default with a low-priority rule and allows traffic only through specific ports with a high-priority rule, keeping the set of open egress ports minimal. This approach is secure and meets the requirement of tightly controlling data egress. Option B is incorrect because a VPC firewall rule applies to one direction only; a single rule cannot manage both ingress and egress traffic. Option C is flawed because a high-priority rule blocking all egress would take precedence over any low-priority allow rules, so no egress traffic would be permitted. Option D does not block all egress traffic by default, leaving unnecessary ports open. For more details, refer to Google Cloud's firewall documentation.
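The following is an added example, not part of the original question page, that models how Google Cloud VPC firewall rules are evaluated and checks the three rule layouts discussed above against a few probe ports. It relies on the documented evaluation order (lower priority number wins, deny beats allow at equal priority, and the implied rules at priority 65535 allow all egress and deny all ingress). The rule names, the chosen low priority of 65534, and the probe ports 443, 22 and 53 are constructed for the example.

```python
from dataclasses import dataclass

# GCP implied rules sit at priority 65535: allow all egress, deny all ingress.
IMPLIED_PRIORITY = 65535


@dataclass(frozen=True)
class Rule:
    """A simplified VPC firewall rule (constructed model, not the GCP API)."""
    name: str
    direction: str                   # "EGRESS" or "INGRESS"; a rule has one direction
    priority: int                    # 0..65535; a lower number takes precedence
    action: str                      # "ALLOW" or "DENY"
    protocol: str = "all"            # "all", "tcp", "udp", ...
    ports: frozenset = frozenset()   # empty set means every port of that protocol

    def matches(self, protocol: str, port: int) -> bool:
        if self.protocol != "all" and self.protocol != protocol:
            return False
        return not self.ports or port in self.ports


def evaluate(rules, direction: str, protocol: str, port: int):
    """Return (action, rule_name) for one flow, using first-match-by-priority.

    Rules are ordered by priority number; at equal priority a DENY rule is
    tried before an ALLOW rule, which is how GCP resolves that conflict.
    If nothing matches, the implied rule for that direction decides.
    """
    candidates = sorted(
        (r for r in rules if r.direction == direction),
        key=lambda r: (r.priority, 0 if r.action == "DENY" else 1),
    )
    for rule in candidates:
        if rule.matches(protocol, port):
            return rule.action, rule.name
    implied = "ALLOW" if direction == "EGRESS" else "DENY"
    return implied, f"implied-{direction.lower()}-{IMPLIED_PRIORITY}"


# Option A: low-priority deny-all egress plus a high-priority allow for the
# ports the application actually needs (here: HTTPS only, constructed).
OPTION_A = [
    Rule("deny-all-egress", "EGRESS", 65534, "DENY"),
    Rule("allow-https-egress", "EGRESS", 1000, "ALLOW", "tcp", frozenset({443})),
]

# Option C: the same two rules with the priorities swapped. The deny at 1000
# is evaluated first and matches everything, so the allow is never reached.
OPTION_C = [
    Rule("deny-all-egress", "EGRESS", 1000, "DENY"),
    Rule("allow-https-egress", "EGRESS", 65534, "ALLOW", "tcp", frozenset({443})),
]

# Option D: only an allow rule. With no deny-all, the implied egress rule
# still permits every other port.
OPTION_D = [
    Rule("allow-https-egress", "EGRESS", 1000, "ALLOW", "tcp", frozenset({443})),
]

PROBES = (("tcp", 443), ("tcp", 22), ("udp", 53))   # constructed probe flows


def egress_decisions(rules, probes=PROBES):
    """Map 'proto:port' -> ALLOW/DENY for each probe flow leaving the VPC."""
    return {f"{proto}:{port}": evaluate(rules, "EGRESS", proto, port)[0]
            for proto, port in probes}


def open_egress_ports(rules, probes=PROBES):
    """Probe flows that are still permitted to leave; smaller is better here."""
    return sorted(k for k, v in egress_decisions(rules, probes).items() if v == "ALLOW")


if __name__ == "__main__":
    for label, ruleset in (("A", OPTION_A), ("C", OPTION_C), ("D", OPTION_D)):
        print(f"Option {label}: {egress_decisions(ruleset)} "
              f"open={open_egress_ports(ruleset)}")
```

Running the script shows Option A permitting only tcp:443, Option C permitting nothing (the application itself is cut off), and Option D permitting every probed port because the implied egress rule is never overridden.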