PROFESSIONAL-CLOUD-DEVOPS-ENGINEER Question #14: Real Exam Question with Answer & Explanation

Question

You are running a real-time gaming application on Compute Engine that has a production and testing environment. Each environment has their own Virtual Private Cloud (VPC) network. The application frontend and backend servers are located on different subnets in the environment's VPC. You suspect there is a malicious process communicating intermittently in your production frontend servers. You want to ensure that network traffic is captured for analysis. What should you do?

Options

• AEnable VPC Flow Logs on the production VPC network frontend and backend subnets only with a
• BEnable VPC Flow Logs on the production VPC network frontend and backend subnets only with a
• CEnable VPC Flow Logs on the testing and production VPC network frontend and backend
• DEnable VPC Flow Logs on the testing and production VPC network frontend and backend

Explanation

VPC Flow Logs should be enabled only on the production VPC subnets (frontend and backend) since the suspected malicious activity is in production - enabling them on the testing environment (options C and D) is unnecessary and adds cost. The key differentiator between options A and B is the sampling rate configuration: because the malicious communication is intermittent, you need a high sampling rate (ideally 1.0 / 100%) to ensure no traffic is missed during the investigation. Option A uses a lower sampling rate which could miss the intermittent communications. Option B's higher sampling rate guarantees full traffic capture for forensic analysis.

No community discussion yet for this question.