
Answer-first summary for fast verification
Answer: 1. Attach external IP addresses to the VMs in scope. 2. Define and apply a hierarchical firewall policy on folder level to deny all egress connections and to allow egress to IP range 10.58.5.0/24 from network dev-vpc.
Option C is the correct answer because it uses a hierarchical firewall policy applied at the folder level, which aligns with the requirement to enforce rules across multiple projects and VPC networks with minimal maintenance. This approach centralizes control, automatically applies to all resources in the folder, and explicitly denies all egress traffic except to the specified IP range (10.58.5.0/24) from 'dev-vpc'. Attaching external IP addresses ensures VMs can route traffic externally, subject to the firewall policy. Option B (Cloud NAT) is less suitable as it primarily provides internet access and lacks granular control for restricting egress by source VPC. Option A introduces unnecessary complexity with a new VPC and network appliance. Option D uses VPC firewall rules, which are project-specific and require manual application to each project, increasing maintenance effort.
Author: LeetQuiz Editorial Team
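The explanation above depends on how a folder-level hierarchical firewall policy is evaluated: rules are checked in priority order (lowest number first), a rule with target networks applies only to VMs in those networks, and the first match decides. The following is an added, simplified Python model of that evaluation, not code from LeetQuiz or Google. The priorities 1000 and 2000, the network name `prod-vpc` and the sample destination addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int                 # lower number is evaluated first
    action: str                   # "allow" or "deny"
    dest: str                     # destination CIDR range
    target_networks: tuple = ()   # empty tuple = every VPC network under the folder


def evaluate_egress(rules, src_network, dest_ip):
    """Return the action of the first matching egress rule, in priority order."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.target_networks and src_network not in rule.target_networks:
            continue  # rule does not target this VM's network
        if ip in ipaddress.ip_network(rule.dest):
            return rule.action
    return "goto_next"  # nothing matched: evaluation continues at the next level


# Constructed policy matching the answer: allow the one range from dev-vpc,
# then deny every other egress connection for all networks in the folder.
FOLDER_POLICY = [
    Rule(1000, "allow", "10.58.5.0/24", ("dev-vpc",)),
    Rule(2000, "deny", "0.0.0.0/0"),
]

# Failure mode: the deny-all rule is given the lower priority number,
# so it matches first and the allow rule is never reached.
MISORDERED_POLICY = [
    Rule(1000, "deny", "0.0.0.0/0"),
    Rule(2000, "allow", "10.58.5.0/24", ("dev-vpc",)),
]

if __name__ == "__main__":
    samples = [  # constructed (network, destination) pairs
        ("dev-vpc", "10.58.5.7"),
        ("dev-vpc", "203.0.113.10"),
        ("prod-vpc", "10.58.5.7"),  # prod-vpc is a hypothetical second network
    ]
    for net, ip in samples:
        print(net, ip, evaluate_egress(FOLDER_POLICY, net, ip))
```
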
You manage network traffic for a folder containing multiple projects and VPC networks in Google Cloud. You need to enforce a folder-level rule that restricts egress connections to the IP range 10.58.5.0/24 and only allows them from the VPC network named "dev-vpc". Your goal is to minimize implementation and maintenance effort.
What should you do?
A
B
C
D