Google Cloud Professional Cloud Security Engineer — Question 91
You need to audit the network segmentation for your Google Cloud footprint. You currently operate Production and Non-Production infrastructure-as-a-service
(IaaS) environments. All your VM instances are deployed without any service account customization.
After observing the traffic in your custom network, you notice that all instances can communicate freely, despite tag-based VPC firewall rules with a priority of 1000 being in place to segment traffic properly. What are the most likely reasons for this behavior?
Answer options
- A. All VM instances are missing the respective network tags.
- B. All VM instances are residing in the same network subnet.
- C. All VM instances are configured with the same network route.
- D. A VPC firewall rule is allowing traffic between source/targets based on the same service account with priority 999.
- E. A VPC firewall rule is allowing traffic between source/targets based on the same service account with priority 1001.
Correct answer: A, D
Explanation
The correct answer is A because without the appropriate network tags, the tag-based VPC firewall rules never match the instances, so they cannot take effect and communication remains unrestricted. Option D is also correct: since all instances were deployed without service account customization, they share the same default service account, and a rule allowing traffic between sources and targets with that service account at priority 999 is evaluated before the priority-1000 rules (in VPC firewall rules a lower number means higher priority), so it bypasses the intended segmentation. Option E is wrong because a rule at priority 1001 is evaluated after the 1000-priority rules and cannot override them. Options B and C do not directly relate to the configuration of VPC firewall rules affecting traffic flow.