
Exam Professional Cloud Network Engineer topic 1 question 191 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 191
Topic #: 1

You are implementing firewall controls to protect your compute resources in a newly created VPC. To make the protection process easier to manage and control, you've defined hierarchical firewall policies, global network firewall policies, and VPC firewall rules. The configuration of the rules has the following characteristics:

• The hierarchical firewall policy, bound at the organization level, allows or denies specific external traffic.
• There is a global network firewall policy with rules that enforce intrusion prevention system (IPS) capabilities for specific external inbound/outbound traffic.
• The VPC firewall rules allow internal communication between the RFC 1918 subnets.
• The VPC firewall contains an explicit deny rule with logging enabled.

This configuration was successful in multiple preexisting VPCs. However, you noticed that the logs were missing when you were reviewing a newly created VPC. All external communications are hanging, but internal traffic is working as expected. You want to fix the connectivity issue.

What should you do?

  • A. Create a new VPC and migrate existing resources to the new VPC. Delete the old VPC, and reapply the firewall policies and rules in the new VPC.
  • B. Raise the priority numbers of the firewall policy rules and lower the priority numbers of the VPC firewall rules.
  • C. Review the order in which the VPC firewall rules and policies are evaluated. If the VPC firewall rules are being evaluated before firewall policies, switch the order.
  • D. Lower the priority numbers of the firewall policy rules and raise the priority numbers of the VPC firewall rules.
Suggested Answer: C

Comments

rich_maverick
3 weeks, 6 days ago
Selected Answer: C
This question really sucks. The fact is that you really can't affect the order of the evaluation directly by playing with the number values. Hierarchical always comes first. Then, global network and then VPC. There is a way to swap out VPC before global network using networkFirewallPolicyEnforcementOrder. But, given that only external communications are hanging, it would not be my most obvious solution to fix the issue. Unfortunately, C is the least bad answer of the choices presented.
upvoted 1 times
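The tier ordering the comment above discusses, shown as an added example (not code from this page, from the commenter, or from Google): a small Python model of how the three firewall tiers are walked. It assumes the documented Cloud NGFW order: hierarchical firewall policy rules first, then, with the default `networkFirewallPolicyEnforcementOrder` of `AFTER_CLASSIC_FIREWALL`, VPC firewall rules followed by the global network firewall policy, with `BEFORE_CLASSIC_FIREWALL` swapping those last two tiers; a tier with no matching rule falls through, and if every tier falls through the implied rules apply. The `Rule`/`Tier` classes, the helper names, the addresses and the sample rule set are constructed for this illustration and are not Google APIs. It shows two things the answer choices hinge on: priority numbers only order rules inside one tier (a VPC allow at priority 0 never beats a hierarchical deny), and a deny taken by an unlogged rule in an earlier tier produces no log entry from the logged VPC deny rule.

```python
"""Model of Google Cloud firewall tier evaluation (constructed example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


@dataclass
class Rule:
    name: str
    priority: int               # 0..65535, lower number is evaluated first
    direction: str              # "INGRESS" or "EGRESS"
    action: str                 # "allow", "deny" or "goto_next"
    src_ranges: List[str] = field(default_factory=lambda: ["0.0.0.0/0"])
    ports: Optional[List[int]] = None   # None means any port
    logging: bool = False

    def matches(self, direction: str, src: str, port: int) -> bool:
        if direction != self.direction:
            return False
        if not any(ip_address(src) in ip_network(r) for r in self.src_ranges):
            return False
        return self.ports is None or port in self.ports


@dataclass
class Tier:
    name: str
    rules: List[Rule]


def evaluate_tier(tier: Tier, direction: str, src: str, port: int):
    """First matching rule by ascending priority; goto_next if none matches."""
    for rule in sorted(tier.rules, key=lambda r: r.priority):
        if rule.matches(direction, src, port):
            return rule.action, rule
    return "goto_next", None


def evaluate(direction, src, port, hierarchical, network_policy, vpc_rules,
             enforcement_order="AFTER_CLASSIC_FIREWALL"):
    """Walk the tiers in order. Returns (verdict, tier, rule, log_lines).

    log_lines imitates Firewall Rules Logging: only the rule that decides the
    packet, and only if logging is enabled on it, produces an entry.
    """
    if enforcement_order == "BEFORE_CLASSIC_FIREWALL":
        order = [hierarchical, network_policy, vpc_rules]
    else:  # AFTER_CLASSIC_FIREWALL, the assumed default
        order = [hierarchical, vpc_rules, network_policy]
    logs = []
    for tier in order:
        action, rule = evaluate_tier(tier, direction, src, port)
        if action == "goto_next":
            continue                      # delegate to the next tier
        if rule.logging:
            logs.append(f"{tier.name}/{rule.name}: {action} {direction} {src}:{port}")
        return action, tier.name, rule.name, logs
    implied = "deny" if direction == "INGRESS" else "allow"   # implied rules
    return implied, "implied", "implied-" + direction.lower(), logs


# Constructed rule set mirroring the question's description.
HIERARCHICAL = Tier("hierarchical", [
    Rule("org-allow-partner-https", 1000, "INGRESS", "allow",
         src_ranges=["203.0.113.0/24"], ports=[443]),
    Rule("org-deny-telnet", 1100, "INGRESS", "deny", ports=[23]),
    Rule("org-delegate", 65534, "INGRESS", "goto_next"),  # hand the rest down
])
NETWORK_POLICY = Tier("global-network-policy", [
    Rule("np-internal-passthrough", 100, "INGRESS", "goto_next", src_ranges=RFC1918),
    # stand-in for an IPS rule on external inbound traffic; note: no logging
    Rule("ips-external-inbound", 500, "INGRESS", "deny"),
])
VPC_RULES = Tier("vpc-rules", [
    Rule("allow-telnet-p0", 0, "INGRESS", "allow", ports=[23]),   # cannot beat the org deny
    Rule("allow-internal", 1000, "INGRESS", "allow", src_ranges=RFC1918),
    Rule("deny-all-logged", 65535, "INGRESS", "deny", logging=True),
])


def external_https(order="AFTER_CLASSIC_FIREWALL"):
    return evaluate("INGRESS", "198.51.100.7", 443, HIERARCHICAL, NETWORK_POLICY, VPC_RULES, order)


def internal_ssh(order="AFTER_CLASSIC_FIREWALL"):
    return evaluate("INGRESS", "10.1.2.3", 22, HIERARCHICAL, NETWORK_POLICY, VPC_RULES, order)


def external_telnet(order="AFTER_CLASSIC_FIREWALL"):
    return evaluate("INGRESS", "198.51.100.7", 23, HIERARCHICAL, NETWORK_POLICY, VPC_RULES, order)


if __name__ == "__main__":
    for order in ("AFTER_CLASSIC_FIREWALL", "BEFORE_CLASSIC_FIREWALL"):
        for probe in (external_https, internal_ssh, external_telnet):
            print(order, probe.__name__, probe(order))
```

Running it, the external HTTPS probe is denied under both orders, but only under `AFTER_CLASSIC_FIREWALL` does the logged VPC deny rule decide it and emit a log line; under `BEFORE_CLASSIC_FIREWALL` the unlogged network-policy rule drops it first and nothing is logged, while internal traffic still passes through the `goto_next` rule to the VPC allow. On a real network the setting is read with `gcloud compute networks describe NETWORK --format='value(networkFirewallPolicyEnforcementOrder)'`, and `gcloud compute networks get-effective-firewalls NETWORK` lists what actually applies.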
1f01b87
1 month ago
Selected Answer: D
Correct answer is D.
upvoted 1 times
b0b25
1 month, 3 weeks ago
Selected Answer: C
Review to put them in right order
upvoted 2 times
09bd94b
1 month, 3 weeks ago
Selected Answer: C
this is the only answer with a logical flow
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other