Google Cloud Professional Cloud Network Engineer — Question 182
You are configuring the intrusion prevention service (IPS) feature on Cloud Next Generation Firewall Enterprise. You deployed your firewall endpoints and you need to inspect the traffic of the VMs. What should you do?
Answer options
- A. Configure Packet Mirroring to match the source/destination IP addresses of the VMs.
- B. Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the goto_next action.
- C. Configure a firewall rule to match the hostnames of the VMs, and use the apply_security_profile_group action.
- D. Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the apply_security_profile_group action.
Correct answer: D
Explanation
The correct answer is D: a firewall rule that matches the source/destination IP addresses of the VMs and uses the apply_security_profile_group action allows the IPS to inspect the traffic properly. Option A does not enable IPS functionality. Option B uses the goto_next action, which does not apply security profiles. Option C matches on hostnames, which is less effective for IP-based traffic inspection.