
Answer-first summary for fast verification
Answer: The SSH connection is denied because the deny rule, having a higher priority, overrides the allow rule.
The correct answer is **D** because firewall rules are evaluated based on their priority, with lower numbers indicating higher priority. The 'deny-all' rule has a priority of 1000, which is higher (numerically lower) than the 'open-ssh' rule's priority of 5000. Therefore, the deny rule takes precedence, blocking the SSH connection.

- **Option A** is incorrect because firewall rules are applied immediately and do not require an instance reboot to take effect.
- **Option B** is incorrect because SSH keys are automatically generated and transferred to the instance during setup.
- **Option C** is incorrect because firewall rules are applied based on network tags or to all instances in the network, not directly to individual instances.

For more details, refer to the [GCP documentation on VPC Firewall Rules – Priority](https://cloud.google.com/vpc/docs/firewalls#priority).
Author: LeetQuiz Editorial Team
You’ve configured an instance within your new network and subnet, setting up firewall rules targeting all instances in your network. The rules are as follows:
Despite these settings, your SSH connection attempts to the instance are timing out. What is the most probable reason for this issue?
- **A.** The SSH connection is denied, and the instance requires a reboot for the allow rule to become effective.
- **B.** The SSH key has not been properly uploaded to the instance.
- **C.** The firewall rule must be specifically applied to the instance.
- **D.** The SSH connection is denied because the deny rule, having a higher priority, overrides the allow rule.