Exam Professional Cloud Network Engineer topic 1 question 66 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 66
Topic #: 1

You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.
What should you do?

  • A. Enable logging on the default Deny Any Firewall Rule.
  • B. Enable logging on the VM Instances that receive traffic.
  • C. Create a logging sink forwarding all firewall logs with no filters.
  • D. Create an explicit Deny Any rule and enable logging on the new rule.
Suggested Answer: D 🗳️

Comments

ESP_SAP
Highly Voted 4 years ago
Correct Answer is (D): Firewall Rules Logging has the following specifications:
  • You can only enable Firewall Rules Logging for rules in a Virtual Private Cloud (VPC) network. Legacy networks are not supported.
  • Firewall Rules Logging only records TCP and UDP connections. Although you can create a firewall rule applicable to other protocols, you cannot log their connections.
  • You cannot enable Firewall Rules Logging for the implied deny ingress and implied allow egress rules.
  • Log entries are written from the perspective of virtual machine (VM) instances. Log entries are only created if a firewall rule has logging enabled and if the rule applies to traffic sent to or from the VM. Entries are created according to the connection logging limits on a best effort basis.
  • The number of connections that can be logged in a given interval is based on the machine type.
  • Changes to firewall rules can be viewed in VPC audit logs.
https://cloud.google.com/vpc/docs/firewall-rules-logging#specifications
upvoted 25 times
lukedj87
4 years ago
Agree!
upvoted 1 times
...
AzureDP900
2 years ago
Yes. D. Create an explicit Deny Any rule and enable logging on the new rule.
upvoted 1 times
...
...
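The behaviour described in the question and in the specification quoted above, as an added example that is not part of the original thread: a simplified Python model of ingress rule evaluation showing why denied probes leave no log entries until an explicit, logged deny rule sits above the implied one. The rule names, priorities and probe list are constructed for illustration, and the model ignores source ranges, target tags and tie-breaking at equal priority.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, ICMP = 6, 17, 1      # IANA protocol numbers
LOGGABLE = {TCP, UDP}          # quoted spec: only TCP and UDP connections are logged

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                    # lower number is evaluated first
    action: str                      # "ALLOW" or "DENY"
    ports: Optional[frozenset]       # set of (protocol, port); None matches everything
    logging: bool = False
    implied: bool = False            # logging cannot be enabled on implied rules

# The implied deny ingress rule: lowest priority, matches everything, never logs.
IMPLIED_DENY = Rule("implied-deny-ingress", 65535, "DENY", None, implied=True)

def evaluate(rules, proto, port):
    """Return (disposition, log_entry_or_None) for one ingress connection."""
    for rule in sorted([*rules, IMPLIED_DENY], key=lambda r: r.priority):
        if rule.ports is None or (proto, port) in rule.ports:
            disposition = "ALLOWED" if rule.action == "ALLOW" else "DENIED"
            logged = rule.logging and not rule.implied and proto in LOGGABLE
            entry = {"disposition": disposition, "rule": rule.name,
                     "protocol": proto, "dest_port": port} if logged else None
            return disposition, entry
    raise AssertionError("unreachable: the implied deny matches all traffic")

def denied_entries(rules, probes):
    """Log entries with disposition DENIED produced by a list of probes."""
    entries = (evaluate(rules, proto, port)[1] for proto, port in probes)
    return [e for e in entries if e and e["disposition"] == "DENIED"]

# Constructed rules mirroring the question: allow HTTP, HTTPS and SSH only.
ALLOW_RULE = Rule("allow-http-https-ssh", 1000, "ALLOW",
                  frozenset({(TCP, 80), (TCP, 443), (TCP, 22)}), logging=True)
# Answer D: explicit deny-all just above the implied rule, with logging on
# (with gcloud: --action=DENY --rules=all --priority=65534 --enable-logging).
EXPLICIT_DENY = Rule("deny-all-ingress-logged", 65534, "DENY", None, logging=True)

# Constructed test traffic: one allowed port, two blocked ports, one ICMP probe.
PROBES = [(TCP, 22), (TCP, 8080), (UDP, 53), (ICMP, 0)]

if __name__ == "__main__":
    print("before:", denied_entries([ALLOW_RULE], PROBES))
    print("after: ", denied_entries([ALLOW_RULE, EXPLICIT_DENY], PROBES))
```

The ICMP probe is denied in both runs but never appears in the output, because only TCP and UDP connections are logged.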
nkastanas
Most Recent 4 months, 2 weeks ago
Selected Answer: D
it is D
upvoted 1 times
...
dragos_dragos62000
10 months, 2 weeks ago
Selected Answer: D
Answer D
upvoted 1 times
...
Gurminderjit
11 months, 3 weeks ago
D is the answer
upvoted 1 times
...
pk349
1 year, 10 months ago
• D. Create an explicit ******* Deny Any rule and enable logging on the new rule.
upvoted 1 times
...
small1_small2
2 years, 3 months ago
Selected Answer: D
Correct Answer is (D): Explicit deny rule is required to see the logs https://cloud.google.com/vpc/docs/firewall-rules-logging#specifications
upvoted 2 times
...
kumarp6
2 years, 10 months ago
Answer is : D
upvoted 2 times
...
kumarp6
2 years, 10 months ago
Answer is D
upvoted 2 times
...
Vidyasagar
3 years, 8 months ago
D is correct
upvoted 3 times
...
[Removed]
4 years ago
Ans - D
upvoted 3 times
...