Google Cloud Professional Cloud Network Engineer — Question 130
Your company's security team wants to limit the type of inbound traffic that can reach your web servers to protect against security threats. You need to configure the firewall rules on the web servers within your Virtual Private Cloud (VPC) to handle HTTP and HTTPS web traffic for TCP only. What should you do?
Answer options
- A. Create an allow on match ingress firewall rule with the target tag “web-server” to allow all IP addresses for TCP port 80.
- B. Create an allow on match egress firewall rule with the target tag “web-server” to allow all IP addresses for TCP port 80.
- C. Create an allow on match ingress firewall rule with the target tag “web-server” to allow all IP addresses for TCP ports 80 and 443.
- D. Create an allow on match egress firewall rule with the target tag “web-server” to allow web server IP addresses for TCP ports 80 and 443.
Correct answer: C
Explanation
The correct answer is C because it specifies an ingress firewall rule, which is what controls incoming traffic, and it allows both HTTP (TCP port 80) and HTTPS (TCP port 443) to reach the instances tagged “web-server”. Option A is an ingress rule but covers only port 80, so HTTPS traffic would not be allowed. Option B is an egress rule, which does not manage incoming traffic, and it also covers only port 80. Option D is likewise an egress rule, and it limits access to web server IP addresses rather than allowing all necessary traffic.