Exam Professional Cloud Network Engineer topic 1 question 37 discussion

Correct Answers are (A) & (B): A: Using VPC Flow Logs VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as GKE nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization. https://cloud.google.com/vpc/docs/using-flow-logs (B): Firewall Rules Logging overview Firewall Rules Logging allows you to audit, verify, and analyze the effects of your firewall rules. For example, you can determine if a firewall rule designed to deny traffic is functioning as intended. Firewall Rules Logging is also useful if you need to determine how many connections are affected by a given firewall rule. You enable Firewall Rules Logging individually for each firewall rule whose connections you need to log. Firewall Rules Logging is an option for any firewall rule, regardless of the action (allow or deny) or direction (ingress or egress) of the rule. https://cloud.google.com/vpc/docs/firewall-rules-logging

This site used to be good, now it's horrible, you have to pay to get all the questions

Ans is A and B because they want to monitor traffic from VM, so no point in monitoring audit logs and system logs

A. VPC flow logs B. Firewall logs Both VPC flow logs and Firewall logs can be used to monitor network traffic to and from Compute Engine instances. VPC flow logs provide visibility into network flows within a VPC network, while Firewall logs provide visibility into firewall rules that are applied to traffic. Incorporating both these products into the solution will ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances. Cloud Audit logs are used to track who did what, where, and when across Google Cloud resources, and Stackdriver Trace is used to debug performance issues in applications, but they are not directly relevant to monitoring network traffic in this scenario. Compute Engine instance system logs provide information about the instances themselves, but not about the traffic flowing to and from them.

The two products that should be incorporated into the solution to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances are: A. VPC flow logs: This will allow you to capture network flows at the Virtual Private Cloud (VPC) level, including information such as source and destination IP addresses, ports, protocol, and bytes transferred. B. Firewall logs: This will allow you to capture information about the traffic that has been allowed or denied by the firewall rules that are applied to your Compute Engine instances. Therefore, options A and B are the correct answers.

A. VPC flow logs: VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as Google Kubernetes Engine nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization. B. Firewall logs: Firewall log analysis can be used to discover suspicious network activity that could indicate malicious threat actors breaching a network and can help greatly improve an organization's firewall effectiveness. A firewall analyzer helps by monitoring how the firewall handles traffic.

Only A & B answer to the requirements.

Answer is : A and

A & B are correct.

A and B

Ans - AB