Google Cloud Professional Cloud Network Engineer — Question 215
You have recently taken over responsibility for your organization's Google Cloud network security configurations. You want to review your Cloud Next Generation Firewall (Cloud NGFW) configurations to ensure that there are no rules allowing ingress traffic to your VMs and services from the internet. You want to avoid manual work. What should you do?
Answer options
- A. Export all your Cloud NGFW rules into a CSV file and search for 0.0.0.0/0.
- B. Use Firewall Insights, and enable insights for Overly permissive rules.
- C. Run Connectivity Tests from multiple external sources to confirm that traffic is not allowed to ingress to your most critical services in Google Cloud.
- D. Review Network Analyzer insights on the VPC network category.
Correct answer: B
Explanation
The correct answer is B because Firewall Insights specifically provides visibility into overly permissive rules, which is what you need to identify rules that allow ingress from the internet without manual review. Option A may help identify open rules, but it involves manually searching through a CSV file. Option C tests connectivity rather than reviewing configurations, and option D does not directly assess rule permissiveness, so both are less effective for this scenario.