Medium · 1 mark · Multiple Choice
Domain 3.5: Deploying and implementing networking resources · Firewall Rules · Networking · Security · Service Accounts

GCP ACE · Question 29 · Domain 3.5: Deploying and implementing networking resources

You have a 3-tier application deployed on Compute Engine: Web, App, and Database tiers. You need to create firewall rules to ensure that only the Web tier can communicate with the App tier, and only the App tier can communicate with the Database tier.

According to Google Cloud best practices, which TWO methods should you use to target these specific instances in your firewall rules? (Select TWO)

Answer options:

A. Target by specific internal IP addresses.

B. Target by Network Tags.

C. Target by Instance Names.

D. Target by Service Accounts.

E. Target by Subnets.

How to approach this question

Identify the two dynamic ways GCP allows you to apply firewall rules to specific VMs.

Full Answer

In GCP, you can apply firewall rules dynamically using Network Tags or Service Accounts. Service Accounts are the strictest and most recommended approach because they are centrally managed via IAM and cannot be arbitrarily changed by developers, unlike Network Tags.

Common mistakes

Choosing IP addresses, which is a legacy on-premises approach that doesn't work well in autoscaling cloud environments.
