Google Cloud Associate Cloud Engineer — Question 128
You are working with a user to set up an application in a new VPC behind a firewall. The user is concerned about data egress. You want to configure the fewest open egress ports. What should you do?
Answer options
- A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
- B. Set up a high-priority (1000) rule that pairs both ingress and egress ports.
- C. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports.
- D. Set up a high-priority (1000) rule to allow the appropriate ports.
Correct answer: A
Explanation
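The correct answer is A. In VPC firewall rules a lower number means a higher priority, and the highest-priority rule that matches the traffic is the one applied. The low-priority (65534) rule blocks all egress, overriding the implied allow-egress rule (priority 65535), while the high-priority (1000) rule opens only the appropriate ports. Options B and D do not effectively restrict the number of open egress ports: neither adds a rule that blocks egress, so all other egress traffic remains allowed. Option C reverses the priorities: the block-all rule at priority 1000 would match first, so the allow rule at 65534 would never take effect and the necessary traffic would not get through.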