Google Cloud Professional Cloud Network Engineer — Question 121
Your organization is implementing a new security policy to control how firewall rules are applied to control flows between virtual machines (VMs). Using Google-recommended practices, you need to set up a firewall rule to enforce strict control of traffic between VM A and VM B. You must ensure that communications flow only from VM A to VM B within the VPC, and no other communication paths are allowed. No other firewall rules exist in the VPC. Which firewall rule should you configure to allow only this communication path?
Answer options
- A. Firewall rule direction: ingress; Action: allow; Target: VM B service account; Source ranges: VM A service account; Priority: 1000
- B. Firewall rule direction: ingress; Action: allow; Target: specific VM B tag; Source ranges: VM A tag and VM A source IP address; Priority: 1000
- C. Firewall rule direction: ingress; Action: allow; Target: VM A service account; Source ranges: VM B service account and VM B source IP address; Priority: 100
- D. Firewall rule direction: ingress; Action: allow; Target: specific VM A tag; Source ranges: VM B tag and VM B source IP address; Priority: 100
Correct answer: A
Explanation
The correct answer is A because it specifies that traffic is allowed only from VM A to VM B by targeting VM B's service account with VM A's service account as the source. The other options either allow traffic from VM B to VM A or are too broad by including tags or IP addresses, which would not enforce the strict control needed between the two VMs.