ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Subtask 2.1: Network TopologiesHierarchical FirewallSecurityNetworkingOrganization Node

GCP PCA · Question 37 · Network Topologies

You are the network administrator for a large GCP organization. The security team wants to enforce a rule that blocks all outbound SSH traffic to the internet across ALL projects in the organization. Individual project owners must not be able to override this rule. Which TWO steps should you take? (Select TWO)

Answer options:

A.

Create a standard VPC firewall rule in every project with a priority of 0.

B.

Create a Hierarchical Firewall Policy at the Organization node.

C.

Configure an Organization Policy constraint to disable SSH.

D.

Use VPC Service Controls to block port 22.

E.

Add a rule to the policy to deny egress traffic on port 22 and set the action to 'Deny'.

How to approach this question

Look for the firewall feature that applies globally across an organization and cannot be overridden by project owners.

Full Answer

Hierarchical Firewall Policies allow security administrators to define and enforce firewall rules at the Organization or Folder level. These rules are evaluated before VPC-level firewall rules. By creating a deny rule for egress port 22 at the Organization node, you guarantee that no VM in any project can initiate an outbound SSH connection, and project owners cannot override it.

Common mistakes

Thinking Organization Policies (Option C) handle network traffic. Org Policies handle API resource constraints, while Firewall Policies handle network packets.
36All questions38

Practice the full GCP Professional Cloud Architect Practice Exam 7

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01CASE STUDY: TechStream Gaming Company Overview: TechStream Gaming is a global multiplayer game d...HardQ02CASE STUDY: TechStream Gaming Company Overview: TechStream Gaming is a global multiplayer game d...MediumQ03CASE STUDY: TechStream Gaming Company Overview: TechStream Gaming is a global multiplayer game d...MediumQ04CASE STUDY: TechStream Gaming Company Overview: TechStream Gaming is a global multiplayer game d...MediumQ05CASE STUDY: TechStream Gaming Company Overview: TechStream Gaming is a global multiplayer game d...Medium
View all 50 questions →