Google Cloud Professional Cloud Network Engineer — Question 179
You have recently taken over responsibility for your organization's Google Cloud network security configurations. You want to review your Cloud Next Generation Firewall (Cloud NGFW) configurations and ensure there are no rules that are allowing ingress traffic to your VMs and services from the internet. You want to avoid manual work. What should you do?
Answer options
- A. Review the firewall policy rules associated with the VPC, and filter for rules that allow ingress from 0.0.0.0/0.
- B. Enable "Overly permissive rules insights" in Firewall Insights. Review results for rules that show allowed ingress traffic from internet sources.
- C. Run Connectivity Tests from multiple external sources to double-check ingress traffic settings.
- D. Enable the Network Analyzer API and review the "VPC Network" category insights.
Correct answer: B
Explanation
The correct answer is B because enabling "Overly permissive rules insights" in Firewall Insights provides a comprehensive overview of any rules that allow ingress traffic from internet sources, which aligns with your goal of reviewing security configurations efficiently. Option A is too narrow, focusing only on a specific IP range. Option C requires manual testing from multiple sources. Option D involves a different method that may not directly address the ingress traffic concerns as effectively.