Google Cloud Professional Cloud Network Engineer — Question 247
You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.
During troubleshooting you find:
- Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.
- The subnetwork logs are not excluded from Stackdriver.
- The instance that is hosting the application can communicate outside the subnet.
- Other instances within the subnet can communicate outside the subnet.
- The external resource initiates communication.
What is the most likely cause of the missing log lines?
Answer options
- A. The traffic is matching the expected ingress rule.
- B. The traffic is matching the expected egress rule.
- C. The traffic is not matching the expected ingress rule.
- D. The traffic is not matching the expected egress rule.
Correct answer: C
Explanation
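The correct answer is C. The external resource initiates the connection, so the traffic is ingress to the instance, and the instance is unable to receive it, which indicates that the expected ingress rule is not being matched. Traffic that matches none of the configured rules falls through to the implied deny ingress rule, for which logging cannot be enabled, so no denied entry appears in the firewall logs. Options A and B are incorrect because they suggest that the traffic is permitted, and D is incorrect because the problem lies with incoming traffic, not outgoing.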