Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Network Engineer Exam - Topic 2 Question 98 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 98
Topic #: 2
[All Professional Cloud Network Engineer Questions]

Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: B

Cloud NGFW Enterprise provides TLS inspection to detect and manage threats within encrypted traffic. Configuring firewall rules for TLS inspection enables granular monitoring and filtering, ensuring secure internet traffic.


by Makeda at Nov 18, 2024, 04:48 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Veda
4 months ago
C is interesting, but managing agents on every VM sounds like a hassle.
upvoted 0 times
...
Catalina
4 months ago
D could work, but I’m not sure about the effectiveness of VPC Flow Logs.
upvoted 0 times
...
Annette
4 months ago
Wait, can we really intercept TLS traffic like that? Seems risky.
upvoted 0 times
...
Colette
4 months ago
I think A is a better choice for TLS inspection.
upvoted 0 times
...
Shalon
5 months ago
Option B sounds solid for inspecting egress traffic.
upvoted 0 times
...
Jesusa
5 months ago
I vaguely recall that VPC Flow Logs can help with monitoring, but I'm not confident about how effective they are for real-time inspection.
upvoted 0 times
...
Rikki
5 months ago
I feel like configuring a TLS agent on each VM could be overkill. Wouldn't that complicate things too much?
upvoted 0 times
...
Erinn
5 months ago
I think using Cloud NGFW Enterprise with the tls-inspect flag sounds familiar. We practiced a similar question about inspecting encrypted traffic last week.
upvoted 0 times
...
Yasuko
5 months ago
I remember discussing TLS inspection in class, but I'm not sure if Cloud Armor is the right choice here. It seems more focused on DDoS protection.
upvoted 0 times
...
Tarra
5 months ago
Option D looks interesting, using Cloud NGFW Essentials and VPC Flow Logs. I wonder if that would be a more cost-effective solution compared to the Enterprise version. I'll make sure to weigh the pros and cons of each approach.
upvoted 0 times
...
Margurite
5 months ago
I feel pretty confident about this one. The key is to ensure that the encrypted traffic is inspected, so I'm leaning towards option C - configuring a TLS agent on each VM to intercept the traffic before it reaches the internet.
upvoted 0 times
...
Kathrine
5 months ago
Hmm, I'm a bit confused about the different options here. Do we really need to use Cloud NGFW Enterprise, or would the Essentials version work as well? I'll need to read through the options more carefully.
upvoted 0 times
...
Mica
5 months ago
This seems like a straightforward question about inspecting encrypted traffic. I think I'll go with option B - using Cloud NGFW Enterprise and creating a firewall rule with the tls-inspect flag.
upvoted 0 times
...
Sonia
1 year ago
I'm not sure, but B sounds like it might be the most practical and efficient solution here. Cloud NGFW Enterprise seems like the way to go.
upvoted 0 times
Penney
1 year ago
D) Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.
upvoted 0 times
...
Mozell
1 year ago
C) Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.
upvoted 0 times
...
Isreal
1 year ago
B) Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.
upvoted 0 times
...
Lezlie
1 year ago
A) Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.
upvoted 0 times
...
...
Susana
1 year ago
Haha, D is the funniest option! Analyzing VPC Flow Logs for TLS traffic? That's like trying to find a needle in a haystack!
upvoted 0 times
...
Ruthann
1 year ago
I think C is the way to go. Intercepting the TLS traffic at the VM level and analyzing the content is a more comprehensive approach.
upvoted 0 times
Leslie
1 year ago
I think option B might be more efficient in terms of managing the traffic flow and inspection process.
upvoted 0 times
...
Tomoko
1 year ago
I agree, option C seems like a thorough solution to tackle the malicious activities.
upvoted 0 times
...
...
Lavera
1 year ago
B is the way to go! Cloud NGFW Enterprise is the best option to inspect the encrypted traffic and protect against those malicious activities.
upvoted 0 times
Lore
1 year ago
D) Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.
upvoted 0 times
...
Venita
1 year ago
D) Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.
upvoted 0 times
...
Juliana
1 year ago
B is the way to go! Cloud NGFW Enterprise is the best option to inspect the encrypted traffic and protect against those malicious activities.
upvoted 0 times
...
Christiane
1 year ago
B) Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.
upvoted 0 times
...
Serina
1 year ago
A) Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.
upvoted 0 times
...
Reid
1 year ago
B) Agreed! Cloud NGFW Enterprise provides the necessary tools to inspect encrypted traffic and prevent malicious activities.
upvoted 0 times
...
Charlette
1 year ago
A) Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.
upvoted 0 times
...
Lacey
1 year ago
B) Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.
upvoted 0 times
...
...
Wilburn
1 year ago
I'm not sure about option B. I think option D could also work well by enabling VPC Flow Logs with the TLS inspect option to analyze and block malicious activities.
upvoted 0 times
...
Trina
1 year ago
I agree with Brendan. Option B seems like the most effective way to inspect encrypted traffic to the internet and prevent malicious activities.
upvoted 0 times
...
Brendan
1 year ago
I think option B sounds like a good solution. Using Cloud NGFW Enterprise with a firewall rule for egress traffic seems like a solid plan.
upvoted 0 times
...

Save Cancel