Answer-first summary for fast verification
Answer: Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority less than 1000.
The correct answer is B because it addresses both key requirements: (1) Firewall rules in Google Cloud only support CIDR ranges for destination specifications, not hostnames, eliminating options C and D. (2) The existing deny rule has priority 1000, so to allow traffic to the repository, a new rule must have higher priority (lower numerical value) to override the deny rule. A priority less than 1000 ensures the allow rule is evaluated first. Community discussion strongly supports B with 90% consensus, emphasizing that lower priority numbers indicate higher precedence and CIDR ranges are mandatory for firewall destinations.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A customer has an analytics workload on Compute Engine that requires restricted internet access. Your team implemented an egress firewall rule with a priority of 1000 to deny all traffic to the internet. The Compute Engine instances now need to access a public repository to obtain security updates. What should your team do?
A
Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority greater than 1000.
B
Create an egress firewall rule to allow traffic to the CIDR range of the repository with a priority less than 1000.
C
Create an egress firewall rule to allow traffic to the hostname of the repository with a priority greater than 1000.
D
Create an egress firewall rule to allow traffic to the hostname of the repository with a priority less than 1000.