
Answer-first summary for fast verification
Answer: 1. Re-deploy the Web and App servers with instance templates configured with respective service accounts. 2. Create an allow VPC firewall rule that specifies the target/source with respective service accounts.
The correct answer is D because it uses service accounts in instance templates for firewall rules, which best meets all requirements. Service accounts provide identity-based security that persists through autoscaling, ensuring consistent network security as new instances are created. Unlike network tags, which Compute Engine Instance Admins can modify, service accounts require IAM permissions to change, preventing admins from altering network traffic. Options A and B are incorrect because they apply configurations to running instances, which doesn't address autoscaling consistency. Option C uses network tags, which admins can modify, violating the requirement to prevent traffic alteration. The community discussion strongly supports D with 100% consensus, citing Google documentation that service accounts are more secure than tags for firewall rules.
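The configuration the answer describes, written out as an added example (it is not part of the original question or its options). The project, network, subnet, region, service account names and the App-tier port are assumptions, and both service accounts are assumed to exist already.

```shell
#!/bin/sh
# Added example. Project, network, subnet, region, account names and the
# App-tier port are assumptions, not values from the question.
PROJECT="${PROJECT:-example-project}"
NETWORK="${NETWORK:-custom-vpc}"
SUBNET="${SUBNET:-workload-subnet}"
REGION="${REGION:-us-central1}"
APP_PORT="${APP_PORT:-8080}"
WEB_SA="web-sa@${PROJECT}.iam.gserviceaccount.com"
APP_SA="app-sa@${PROJECT}.iam.gserviceaccount.com"

# Dry run by default: print each command. APPLY=1 executes it instead.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# The identity is set in the template, so every autoscaled instance
# starts with it. $1 = template name, $2 = service account email.
create_template() {
  run gcloud compute instance-templates create "$1" \
    --project="$PROJECT" --region="$REGION" \
    --network="$NETWORK" --subnet="$SUBNET" \
    --service-account="$2" --scopes=cloud-platform
}

# Ingress allow rule keyed on identities, not tags: Web -> App only.
allow_web_to_app() {
  run gcloud compute firewall-rules create allow-web-to-app \
    --project="$PROJECT" --network="$NETWORK" \
    --direction=INGRESS --action=ALLOW --rules="tcp:${APP_PORT}" \
    --source-service-accounts="$WEB_SA" \
    --target-service-accounts="$APP_SA"
}

plan() {
  create_template web-template "$WEB_SA"
  create_template app-template "$APP_SA"
  allow_web_to_app
}

plan
```

A single firewall rule cannot combine service accounts with network tags, so the rule above uses service accounts for both source and target.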
Author: LeetQuiz Editorial Team
Your organization has deployed a new workload with Web and Application (App) servers running on Compute Engine in a new custom VPC. You need to configure a secure network communication solution that meets these requirements:
A
B
C
D