
Answer-first summary for fast verification
Answer: Enable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.
Option A is the correct answer because Firewall Rules Logging is specifically designed for auditing and troubleshooting firewall rule behavior in Google Cloud. It generates connection records for each allow/deny decision, allowing direct analysis of whether the recent rule changes are blocking legitimate traffic. This approach is non-disruptive, targeted, and provides immediate visibility into rule effectiveness.
Option B (bastion host with traffic analyzer) is overly complex and doesn't directly test firewall rule behavior.
Option C (disabling rules in pre-production) is risky and doesn't replicate the production environment accurately.
Option D (VPC Flow Logs) shows network flow data but doesn't specifically indicate which firewall rules are allowing or denying traffic, making it less precise for firewall rule troubleshooting.
Author: LeetQuiz Editorial Team
You need to test if your Compute Engine firewall rules are blocking traffic to a public-facing application. What is the correct troubleshooting step to take?
A. Enable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.
B. Connect to a bastion host in your VPC. Use a network traffic analyzer to determine at which point your requests are being blocked.
C. In a pre-production environment, disable all firewall rules individually to determine which one is blocking user traffic.
D. Enable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules are working correctly.