Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 2 Question 41 Discussion

Users are reporting an outage on your public-facing application that is hosted on Compute Engine. You suspect that a recent change to your firewall rules is responsible. You need to test whether your firewall rules are working properly. What should you do?
A) Enable Firewall Rules Logging on the latest rules that were changed. Use Logs Explorer to analyze whether the rules are working correctly.
B) Connect to a bastion host in your VPC. Use a network traffic analyzer to determine at which point your requests are being blocked.
C) In a pre-production environment, disable all firewall rules individually to determine which one is blocking user traffic.
D) Enable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules are working correctly.

Google Professional Cloud Security Engineer Exam - Topic 2 Question 41 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 41
Topic #: 2
[All Professional Cloud Security Engineer Questions]

Users are reporting an outage on your public-facing application that is hosted on Compute Engine. You suspect that a recent change to your firewall rules is responsible. You need to test whether your firewall rules are working properly. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Cordelia at May 04, 2022, 03:45 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Hana
7 months ago
Wait, can we really just disable all rules in pre-prod? That sounds sketchy!
upvoted 0 times
...
Thaddeus
7 months ago
D is interesting, but I’m not sure if it’s necessary.
upvoted 0 times
...
Casandra
8 months ago
C sounds risky, what if you accidentally block everything?
upvoted 0 times
...
Irene
8 months ago
I think B could work too, but it seems more complicated.
upvoted 0 times
...
Jaclyn
8 months ago
A is the best option, definitely!
upvoted 0 times
...
Ozell
8 months ago
Enabling VPC Flow Logs seems like a solid approach, but I wonder if it provides enough detail to pinpoint the exact problem.
upvoted 0 times
...
Clorinda
8 months ago
I practiced disabling firewall rules in a lab, but I feel like doing that in production could cause more issues.
upvoted 0 times
...
Gracia
8 months ago
I think connecting to a bastion host and using a network analyzer sounds familiar, but I can't recall if that's the best first step to take.
upvoted 0 times
...
Kanisha
8 months ago
I remember we discussed enabling logging for firewall rules, but I'm not sure if it was specifically for the latest changes or all rules.
upvoted 0 times
...
Nenita
8 months ago
I feel like I'm missing something here. The question mentions tracking defective items, but some of these options seem more focused on the financial side of vendor returns. I want to make sure I'm addressing the core requirement.
upvoted 0 times
...
Dottie
8 months ago
Okay, let's see. The question says the AI manifest has a configuration type of 'zone' and a name of 'dbzone'. Based on that, I'm guessing the zone.cfg file is some kind of configuration file related to setting up a zone. I'll try to eliminate the answers that don't seem to fit that.
upvoted 0 times
...
Johanna
8 months ago
I'm a little confused by the wording of these options. Can clinical practice guidelines really be described as "detailed plans of medical treatment"? That doesn't sound quite right to me.
upvoted 0 times
...
Brynn
8 months ago
I recall businesses prone to money laundering should trigger extra scrutiny. So that's likely the third indicator.
upvoted 0 times
...

Save Cancel