ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 4 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 4
Topic #: 1
[All Professional Cloud Developer Questions]

You have deployed an HTTP(s) Load Balancer with the gcloud commands shown below.

Health checks to port 80 on the Compute Engine virtual machine instance are failing and no traffic is sent to your instances. You want to resolve the problem.
Which commands should you run?

  • A. gcloud compute instances add-access-config ${NAME}-backend-instance-1
  • B. gcloud compute instances add-tags ${NAME}-backend-instance-1 --tags http-server
  • C. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS
  • D. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by donchick at Dec. 27, 2020, 1:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gcper
Highly Voted 3 years, 8 months ago
C the source IP ranges for health checks (including legacy health checks if used for HTTP(S) Load Balancing) are: 35.191.0.0/16 130.211.0.0/22 Furthermore it should be direction INGRESS since the health-check (ping) is coming into the load balancer/instance. source: https://cloud.google.com/load-balancing/docs/health-checks
upvoted 10 times
syu31svc
3 years, 4 months ago
Yup I would go for C based on this
upvoted 1 times
...
...
santoshchauhan
Most Recent 7 months, 3 weeks ago
Selected Answer: C
Option C is the correct choice because it addresses the issue of health check failures for the Compute Engine instances behind the HTTP(s) Load Balancer. By creating an ingress firewall rule, this command allows traffic from the load balancer’s source IP ranges to reach the instances on the specified network. These source IP ranges (130.211.0.0/22 and 35.191.0.0/16) are used by Google Cloud load balancers for health checking. Without this rule, the health checks would fail because the load balancer could not communicate with the backend instances to verify their status, resulting in no traffic being routed to those instances. By implementing this firewall rule, you ensure that the health check traffic is permitted, which should resolve the traffic routing issue and allow the load balancer to function correctly.
upvoted 1 times
...
__rajan__
1 year, 1 month ago
Selected Answer: C
I would go with C.
upvoted 1 times
...
omermahgoub
1 year, 10 months ago
To resolve the problem, you should run the following command: Copy code gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS This will create a firewall rule that allows incoming TCP traffic from the specified IP ranges to the Load Balancer network. This should allow traffic to reach the instance group and the instances it contains. Option A will not help because it is used to add an external IP address to an instance, which is not necessary for the Load Balancer to work. Option B is not necessary because it is used to apply metadata to an instance, which is not related to the Load Balancer. Option D is not correct because it allows outgoing traffic from the Load Balancer network, which is not necessary for the Load Balancer to work. I hope this helps! Let me know if you have any other questions.
upvoted 2 times
...
tomato123
2 years, 2 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
wilwong
3 years, 3 months ago
C ingress not egress
upvoted 1 times
...
maleksah
3 years, 9 months ago
I would say B with predefined http-server tag on instance.
upvoted 2 times
jcataluna
1 year, 11 months ago
If you check Http Server on vm creation, a FW rules with network tag "http-server" is created, but it didnt work the other way around
upvoted 1 times
...
yuchun
3 years, 4 months ago
even if you set tag, but if you don't set firewall rule based on tag, it still can't create connection from health check probe to backend service
upvoted 2 times
...
...
donchick
3 years, 10 months ago
I choose C.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago