Google Cloud Professional Cloud Network Engineer — Question 239
Your company uses VPC firewall rules and denies all egress traffic. You need to allow some VMs to contact external websites based on their fully qualified domain name (FQDN). You apply the new configuration, but the traffic is still denied. You need to adjust your setup to apply the new configuration. What would you do?
Answer options
- A. Raise the priority of the network firewall policy rules.
- B. Lower the priority of the network firewall policy rules.
- C. Update the default policy and rule evaluation order to BEFORE_CLASSIC_FIREWALL.
- D. Update the default policy and rule evaluation order to AFTER_CLASSIC_FIREWALL.
Correct answer: C
Explanation
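The correct choice is C. The new FQDN-based rules are network firewall policy rules, while the existing deny-all egress rule is a classic VPC firewall rule. Setting the rule evaluation order to BEFORE_CLASSIC_FIREWALL causes the network firewall policy rules to be evaluated first, so the FQDN allow rules match before the deny-all egress rule and the specified traffic is permitted. Options A and B only adjust rule priority, which does not address the evaluation order between the network firewall policy and the classic firewall rules. Option D would place the new rules after the existing classic firewall rules, so the traffic would still be denied.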