Google Cloud Professional Cloud DevOps Engineer — Question 90

You are managing an application that runs in Compute Engine. The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer. A firewall rule allows access to the API port from 0.0.0.0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps. What should you do first?

Answer options

• A. Enable Packet Mirroring on the VPC.
• B. Install the Ops Agent on the Compute Engine instances.
• C. Enable logging on the firewall rule.
• D. Enable VPC Flow Logs on the subnet.

Correct answer: C

Explanation

The correct answer is C because enabling logging on the firewall rule will directly capture the access attempts to the API, including the IP addresses. The other options either involve more complex setups or do not specifically log API access, making them less efficient for this requirement.