Google Cloud Professional Cloud Architect — Question 116
Your company uses the Firewall Insights feature in the Google Network Intelligence Center. You have several firewall rules applied to Compute Engine instances.
You need to evaluate the efficiency of the applied firewall ruleset. When you bring up the Firewall Insights page in the Google Cloud Console, you notice that there are no log rows to display. What should you do to troubleshoot the issue?
Answer options
- A. Enable Virtual Private Cloud (VPC) flow logging.
- B. Enable Firewall Rules Logging for the firewall rules you want to monitor.
- C. Verify that your user account is assigned the compute.networkAdmin Identity and Access Management (IAM) role.
- D. Install the Google Cloud SDK, and verify that there are no Firewall logs in the command-line output.
Correct answer: B
Explanation
The correct answer is B because Firewall Rules Logging must be enabled on the firewall rules in question before their logs can be captured and displayed. Option A relates to VPC flow logging, which is not specific to firewall rules; C addresses user permissions, which may not affect logging output; and D involves command-line verification, which does not resolve the logging issue directly.