
Answer-first summary for fast verification
Answer: Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.
The correct answer is **B** because network tags allow for more granular access control based on individually tagged instances. This method enables you to specify which virtual machines in 'subnet-a' can access 'subnet-b' without opening access to the entire subnet. Network tags are text attributes that can be added to Compute Engine virtual machine (VM) instances, allowing firewall rules and routes to be applied to specific VM instances. This approach is flexible, as tags can be edited at any time without stopping an instance. Options A, C, and D are incorrect because they either provide access to an entire subnet (contrary to the requirement), suggest an unnecessary explicit deny, or incorrectly state that individual VM access cannot be granted.
Author: LeetQuiz Editorial Team
How can you enable traffic from specific virtual machines in 'subnet-a' to access machines in 'subnet-b' without granting access to all of subnet-a?
A
Relocate the subnet-a machines to a different subnet and give the new subnet the needed access.
B
Create a firewall rule to allow traffic from resources with specific network tags, then assign the machines in subnet-a the same tags.
C
You can only grant firewall access to an entire subnet and not individual VMs inside.
D
Create a rule to deny all traffic to the entire subnet, then create a second rule with higher priority giving access to tagged VMs in subnet-a.
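
Answer B written out as `gcloud` commands, as an added example that is not part of the original quiz. The network, rule name, tags, port, instance and zone are all constructed placeholders, and the target tag on the subnet-b machines is an assumption used to keep the rule from applying to every instance in the network.

```shell
#!/bin/sh
# Added example: every name below is a constructed placeholder.
NETWORK="example-vpc"        # assumed VPC holding subnet-a and subnet-b
SRC_TAG="subnet-b-client"    # assumed tag for the permitted subnet-a VMs
DST_TAG="subnet-b-server"    # assumed tag already on the subnet-b VMs
RULE="allow-tagged-a-to-b"   # assumed firewall rule name
PORTS="tcp:443"              # assumed protocol and port

# Print each command unless APPLY=1, so the change can be reviewed first.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Ingress allow rule matched on the sender's tag, not on subnet-a's CIDR,
# so untagged VMs in subnet-a are not covered by it.
create_rule() {
  run gcloud compute firewall-rules create "$RULE" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules="$PORTS" --source-tags="$SRC_TAG" --target-tags="$DST_TAG"
}

# Tag one permitted VM; tags can be added without stopping the instance.
tag_instance() {
  run gcloud compute instances add-tags "$1" --zone="$2" --tags="$SRC_TAG"
}

# List the instances that carry the source tag, to audit who has access.
list_tagged() {
  run gcloud compute instances list --filter="tags.items=$SRC_TAG" \
    --format="table(name,zone,tags.items)"
}

main() {
  create_rule
  tag_instance "app-vm-1" "us-central1-a"   # constructed instance and zone
  list_tagged
}
main
```

Run with `APPLY=1` to execute the commands instead of printing them. Anyone permitted to edit an instance's tags can grant it this access, so `list_tagged` is worth running as a periodic audit.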