Google Professional Cloud Security Engineer Exam - Topic 2 Question 41 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 41
Topic #: 2

[All Professional Cloud Security Engineer Questions]

Users are reporting an outage on your public-facing application that is hosted on Compute Engine. You suspect that a recent change to your firewall rules is responsible. You need to test whether your firewall rules are working properly. What should you do?

AEnable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.

BConnect to a bastion host in your VPC. Use a network traffic analyzer to determine at which point your requests are being blocked.

CIn a pre-production environment, disable all firewall rules individually to determine which one is blocking user traffic.

DEnable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules are working correctly.

Show Suggested Answer

Suggested Answer: A

by Cordelia at May 04, 2022, 03:45 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Hana

4 months ago

Wait, can we really just disable all rules in pre-prod? That sounds sketchy!

upvoted 0 times

...

Thaddeus

4 months ago

D is interesting, but I’m not sure if it’s necessary.

upvoted 0 times

...

Casandra

4 months ago

C sounds risky, what if you accidentally block everything?

upvoted 0 times

...

Irene

4 months ago

I think B could work too, but it seems more complicated.

upvoted 0 times

...

Jaclyn

5 months ago

A is the best option, definitely!

upvoted 0 times

...

Ozell

5 months ago

Enabling VPC Flow Logs seems like a solid approach, but I wonder if it provides enough detail to pinpoint the exact problem.

upvoted 0 times

...

Clorinda

5 months ago

I practiced disabling firewall rules in a lab, but I feel like doing that in production could cause more issues.

upvoted 0 times

...

Gracia

5 months ago

I think connecting to a bastion host and using a network analyzer sounds familiar, but I can't recall if that's the best first step to take.

upvoted 0 times

...

Kanisha

5 months ago

I remember we discussed enabling logging for firewall rules, but I'm not sure if it was specifically for the latest changes or all rules.

upvoted 0 times

...

Nenita

5 months ago

I feel like I'm missing something here. The question mentions tracking defective items, but some of these options seem more focused on the financial side of vendor returns. I want to make sure I'm addressing the core requirement.

upvoted 0 times

...

Dottie

5 months ago

Okay, let's see. The question says the AI manifest has a configuration type of 'zone' and a name of 'dbzone'. Based on that, I'm guessing the zone.cfg file is some kind of configuration file related to setting up a zone. I'll try to eliminate the answers that don't seem to fit that.

upvoted 0 times

...

Johanna

5 months ago

I'm a little confused by the wording of these options. Can clinical practice guidelines really be described as "detailed plans of medical treatment"? That doesn't sound quite right to me.

upvoted 0 times

...

Brynn

5 months ago

I recall businesses prone to money laundering should trigger extra scrutiny. So that's likely the third indicator.

upvoted 0 times

...