Google Cloud Professional Cloud Security Engineer — Question 88
Users are reporting an outage on your public-facing application that is hosted on Compute Engine. You suspect that a recent change to your firewall rules is responsible. You need to test whether your firewall rules are working properly. What should you do?
Answer options
- A. Enable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.
- B. Connect to a bastion host in your VPC. Use a network traffic analyzer to determine at which point your requests are being blocked.
- C. In a pre-production environment, disable all firewall rules individually to determine which one is blocking user traffic.
- D. Enable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules are working correctly.
Correct answer: A
Explanation
The correct answer is A because enabling Firewall Rules Logging records the specific action the firewall takes on each connection (which rule matched and whether it allowed or denied the traffic), which lets you identify whether the recently changed rules are the cause of the outage. Option B, while useful, does not directly test the firewall rules themselves. Option C is risky because it could lead to a complete loss of protection in a production environment. Option D provides information about network traffic, but it does not test the functionality of the firewall rules as directly as option A does.