Question-10: Active Directory is a directory service that stores information about objects on a network and makes it easy for administrators and users to find and use that information. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information. Each Compute Engine instance in your VPC must be able to connect to an Active Directory server on the appropriate port. Your instances must not generate any other kind of traffic. You want to enforce this with VPC firewall rules. How should the firewall rules be configured?
A. Create an egress rule with priority 1000 that denies all traffic for all instances. Create another egress rule with priority 100, named Active Directory Traffic, that allows the Active Directory traffic for all instances.
B. Create an egress rule with priority 100 that denies all traffic for all instances. Create another egress rule with priority 1000, named Active Directory Traffic, that allows the Active Directory traffic for all instances.
C. Create an egress rule with priority 1000 that allows the Active Directory traffic. Rely on the implied deny egress rule with priority 100 to block all traffic for all instances.
D. Create an egress rule with priority 100 that allows the Active Directory traffic. Rely on the implied deny egress rule with priority 1000 to block all traffic for all instances.
Correct Answer: 1

Explanation: There is no implied deny egress rule, only an implied allow egress rule. Every VPC network has two implied firewall rules. These rules exist but are not shown in the Cloud Console:

The implied allow egress rule: an egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by GCP. Outbound access may be restricted by a higher-priority firewall rule. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a NAT instance. Refer to Internet access requirements for more details.

The implied deny ingress rule: an ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming traffic to them. Incoming access may be allowed by a higher-priority rule. Note that the default network includes some additional rules that override this one, allowing certain types of incoming traffic.

Firewall rules control network traffic by blocking or allowing traffic into (ingress) or out of (egress) a network. Two implied firewall rules are defined with VPCs: one blocks all incoming traffic, and the other allows all outgoing traffic. You can change this behavior by defining firewall rules with higher priority. Firewall rules have a priority specified by an integer from 0 to 65535, with 0 being the highest priority and 65535 being the lowest.

Create an egress rule with priority 1000 to deny all traffic for all instances. Create another egress rule with priority 100 to allow the Active Directory traffic for all instances.

Default firewall rules (aka implied rules) are as follows: 1) Egress traffic is allowed to all IP/ports. 2) Ingress
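To show why only the deny-at-1000 / allow-at-100 pair satisfies the requirement, here is an added Python model of VPC egress evaluation (written for this explanation, not code from the exam page or from Google). It assumes the documented semantics above: lowest priority number wins and the only implied egress rule is allow-all at 65535. The AD server address and the LDAP/LDAPS ports 389/636 are constructed placeholders, since the question only says "the appropriate port".

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    priority: int    # 0 is the highest priority, 65535 the lowest
    dest: str        # destination CIDR
    ports: object    # frozenset of TCP ports, or the string "all"


# The only implied egress rule in a VPC: allow everything at the lowest priority.
IMPLIED_ALLOW_EGRESS = Rule("allow", 65535, "0.0.0.0/0", "all")

# Constructed placeholders: AD server address and the ports assumed for AD traffic.
AD_SERVER = "10.0.0.5"
AD_PORTS = frozenset({389, 636})


def matches(rule, dst_ip, dst_port):
    in_range = ip_address(dst_ip) in ip_network(rule.dest)
    return in_range and (rule.ports == "all" or dst_port in rule.ports)


def evaluate_egress(rules, dst_ip, dst_port):
    """Return 'allow' or 'deny' for one outbound packet: the matching rule with
    the lowest priority number wins; the implied allow rule is always present."""
    for rule in sorted(list(rules) + [IMPLIED_ALLOW_EGRESS], key=lambda r: r.priority):
        if matches(rule, dst_ip, dst_port):
            return rule.action
    return "allow"  # unreachable: the implied rule matches every destination


# The four answer options, expressed as explicit rule sets.
OPTIONS = {
    "A": [Rule("deny", 1000, "0.0.0.0/0", "all"), Rule("allow", 100, AD_SERVER + "/32", AD_PORTS)],
    "B": [Rule("deny", 100, "0.0.0.0/0", "all"), Rule("allow", 1000, AD_SERVER + "/32", AD_PORTS)],
    "C": [Rule("allow", 1000, AD_SERVER + "/32", AD_PORTS)],  # no implied deny egress exists
    "D": [Rule("allow", 100, AD_SERVER + "/32", AD_PORTS)],
}


def meets_requirement(rules):
    """True only if AD traffic is allowed and any other egress is denied."""
    ad_allowed = evaluate_egress(rules, AD_SERVER, 389) == "allow"
    other_denied = evaluate_egress(rules, "203.0.113.10", 443) == "deny"
    return ad_allowed and other_denied


if __name__ == "__main__":
    for name, rules in OPTIONS.items():
        print(name, "meets requirement" if meets_requirement(rules) else "fails")
```

Option B fails because the priority-100 deny also matches the AD traffic, and C and D fail because the "implied deny egress" they rely on does not exist, so non-AD traffic falls through to the implied allow.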