Google Cloud Professional Cloud Network Engineer — Question 145
You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?
Answer options
- A. Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.
- B. Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.
- C. Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.
- D. Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.
Correct answer: B
Explanation
The correct approach is to enable VPC Flow Logs for the subnet, which provides detailed information about the traffic, including the source IP addresses in the connection field. The other options refer either to incorrect log types or to fields that do not provide the traffic details needed to analyze a denial-of-service attack.