CLOUD-DIGITAL-LEADER · Question #105
CLOUD-DIGITAL-LEADER Question #105: Real Exam Question with Answer & Explanation
The correct answer is B: Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows. Implied rules Every VPC network has two implied firewall rules. These rules exist, but are not shown in the Cloud Console: Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send
Question
You are working with a user to set up an application in a new VPC behind a firewall and it is no- ticed that the user is concerned about data egress. Therefore, to provide assistance you want to con-figure the fewest open egress ports. Which of the following statement is correct?
Options
- ASet up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows
- BSet up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows
- CSet up a high-priority (1000) rule to allow the appropriate ports.
- DSet up a high-priority (1000) rule that pairs both ingress and egress ports.
Explanation
Implied rules Every VPC network has two implied firewall rules. These rules exist, but are not shown in the Cloud Console: Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud. A higher priority firewall rule may restrict outbound access. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a Cloud NAT instance. For more information, see Internet access https://cloud.google.com/vpc/docs/firewalls
Topics
Community Discussion
No community discussion yet for this question.