ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Associate Cloud Engineer All Questions

View all questions & answers for the Associate Cloud Engineer exam
Go to Exam

Exam Associate Cloud Engineer topic 1 question 53 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 53
Topic #: 1
[All Associate Cloud Engineer Questions]

Your company has a 3-tier solution running on Compute Engine. The configuration of the current infrastructure is shown below.

Each tier has a service account that is associated with all instances within it. You need to enable communication on TCP port 8080 between tiers as follows:
* Instances in tier #1 must communicate with tier #2.
* Instances in tier #2 must communicate with tier #3.
What should you do?

  • A. 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.2.0/24) ג€¢ Protocols: allow all 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.1.0/24) ג€¢ Protocols: allow all
  • B. 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #2 service account ג€¢ Source filter: all instances with tier #1 service account ג€¢ Protocols: allow TCP:8080 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #3 service account ג€¢ Source filter: all instances with tier #2 service account ג€¢ Protocols: allow TCP: 8080
  • C. 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #2 service account ג€¢ Source filter: all instances with tier #1 service account ג€¢ Protocols: allow all 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #3 service account ג€¢ Source filter: all instances with tier #2 service account ג€¢ Protocols: allow all
  • D. 1. Create an egress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.2.0/24) ג€¢ Protocols: allow TCP: 8080 2. Create an egress firewall rule with the following settings: ג€¢ Targets: all instances ג€¢ Source filter: IP ranges (with the range set to 10.0.1.0/24) ג€¢ Protocols: allow TCP: 8080
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by The_Bro at March 12, 2021, 4:19 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
obeythefist
Highly Voted 2 years, 5 months ago
This question is designed to waste your time during the exam by making you read all those long answers. Remember that part of exam technique is not about knowing the product at all, but understanding multiple choice questions. For example when two answers are very similar to each other, this can increase the likelihood that the correct answer is one of those two. In this case it's an easy process of elimination as all answers are similar, we just need to filter out the wrong ones (and whacking the wrong answer in an exam is sometimes the best way to find the right one). Two answers mention port 8080, and two mention all ports. Obviously we just need port 8080, so we can immediately eliminate those two questions that want all ports open. That gives us a 50/50 chance of getting this question right. Of the remaining answers, one says "ingress" and the other "egress". We know that by default egress is permitted and ingress is not, so that makes "b" the only surviving choice.
upvoted 97 times
shmoeee
6 months, 2 weeks ago
obeythefist broke it down EXACTLY how I did it before viewing discussion. This exam is starting to seem easier and easier :)
upvoted 3 times
...
nmnm22
10 months ago
obeythefist would 100% survive an apocalypse
upvoted 4 times
...
kenrichy
1 year, 5 months ago
Hi Obey, many thanks for the exam tricks
upvoted 4 times
...
...
kopper2019
Highly Voted 3 years, 4 months ago
if you see closely, port 8080 and service account is required so B is the answer without reading all answers
upvoted 27 times
GCPjunkie
2 years, 7 months ago
Love they way you think, drill down to the important details.
upvoted 4 times
...
...
Captain1212
Most Recent 1 year ago
Selected Answer: B
b is the correct answer
upvoted 1 times
...
Buruguduystunstugudunstuy
1 year, 6 months ago
Selected Answer: B
ANSWER B is the correct answer because it creates ingress firewall rules that allow communication between the instances in the different tiers on TCP port 8080, based on their associated service accounts. The first rule allows traffic from instances in Tier#1 with the Tier#1 service account to instances in Tier#2 with the Tier#2 service account. The second rule allows traffic from instances in Tier#2 with the Tier#2 service account to instances in Tier#3 with the Tier#3 service account. This ensures that only the appropriate instances can communicate with each other.
upvoted 1 times
Buruguduystunstugudunstuy
1 year, 6 months ago
ANSWER A is incorrect because it creates ingress firewall rules to allow communication between instances based on the IP ranges of their respective subnets. However, this doesn't guarantee that only instances in the desired tiers will be able to communicate with each other. Other instances outside the desired tiers that happen to be in the same subnet ranges will also be able to communicate. ANSWER C is incorrect because it also allows all protocols for communication between instances in the desired tiers. This may not be desirable from a security standpoint, as it can potentially allow for unauthorized access or communication between instances. ANSWER D is incorrect because it creates egress firewall rules instead of ingress rules. Egress rules control outbound traffic from instances, whereas ingress rules control inbound traffic. In this case, we need to control inbound traffic to allow communication between tiers on TCP port 8080.
upvoted 4 times
...
...
cslince
1 year, 9 months ago
Selected Answer: B
B is the correct answer
upvoted 1 times
...
leogor
1 year, 10 months ago
Selected Answer: B
B is correct obviously
upvoted 1 times
...
abirroy
2 years, 1 month ago
Selected Answer: B
B is the correct answer
upvoted 1 times
...
AzureDP900
2 years, 2 months ago
B is right, We need to open firewall rules to allow port 8080 and It shouldn't be wide open... like /24 network.
upvoted 2 times
...
haroldbenites
2 years, 3 months ago
go for B
upvoted 1 times
...
Jerickson
2 years, 7 months ago
Selected Answer: B
B is correct
upvoted 2 times
...
[Removed]
2 years, 8 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
vishnukumartr
2 years, 9 months ago
B. 1. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #2 service account ג€¢ Source filter: all instances with tier #1 service account ג€¢ Protocols: allow TCP:8080 2. Create an ingress firewall rule with the following settings: ג€¢ Targets: all instances with tier #3 service account ג€¢ Source filter: all instances with tier #2 service account ג€¢ Protocols: allow TCP: 8080
upvoted 1 times
...
Jaira1256
2 years, 9 months ago
Ans - B
upvoted 1 times
...
sunilw
3 years, 2 months ago
B is correct
upvoted 10 times
...
vmart
3 years, 2 months ago
B is correct
upvoted 2 times
...
shankyomre01
3 years, 3 months ago
B is correct
upvoted 4 times
...
mcaromit
3 years, 3 months ago
B is correct
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago