Google Cloud Professional Cloud Network Engineer — Question 80

Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

Answer options

• A. Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.
• B. Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.
• C. Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.
• D. Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

Correct answer: B

Explanation

The correct answer is B because it allows you to utilize existing logging features in a managed service environment, thereby reducing operational overhead while creating a custom dashboard for monitoring. Option A does not provide a custom dashboard, while options C and D involve deploying additional infrastructure that could increase operational complexity.