ExpertGCP ACE · Question 30 · Domain 3.5: Deploying and implementing networking resources
You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic ONLY to specific instances acting as web servers, while blocking it for database instances in the same subnet.
Which TWO steps should you take to implement this using GCP Firewall Rules? (Select TWO)
You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic ONLY to specific instances acting as web servers, while blocking it for database instances in the same subnet.
Which TWO steps should you take to implement this using GCP Firewall Rules? (Select TWO)
Answer options:
Create a new subnet specifically for the web servers.
Add a specific network tag (e.g., 'web-server') to the web server instances.
Create an ingress firewall rule allowing port 80 and set the 'Target tags' to the tag used on the web servers.
Configure the guest OS firewall (e.g., iptables) on the database instances to block port 80.
Create an egress firewall rule blocking port 80 from the database instances.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Associate Cloud Engineer Practice Exam 4
50 questions · hints · full answers · grading