Your organization wants to deploy an internal application named app-1 in VPC-1. The appli…

Question

Your organization wants to deploy an internal application named app-1 in VPC-1. The application will consume services from another internal application named app-2 in VPC-2. VPC Network Peering will connect both applications. You need to apply microsegmentation between these two applications and VPCs. What should you do?

Accepted Answer

Correct answer: D. D. Assign secure tags to these applications: secure-tag-app-1 to app-1 and secure-tag-app-2 to app-2. Configure a network firewall policy that is attached to VPC-2 with an ingress rule that allows traffic from secure-tag-app-1 to secure-tag-app-2. Leave the default deny ingress rule and the default allow egress rule. — The correct answer is D because it specifies the use of secure tags and a network firewall policy attached to VPC-2, which is essential for controlling ingress traffic between the two VPCs. Options A and C mention network tags instead of secure tags, which are not as effective for microsegmentation. Option B, while using secure tags, does not mention a network firewall policy attached to VPC-2, making it less suitable for the required microsegmentation.

Google Cloud Professional Cloud Network Engineer — Question 233

Answer options

Correct answer: D

Explanation