Domain 3.5: Deploying and implementing networking resources — GCP ACE Practice Question 30

How to approach this question

Use network tags to dynamically apply firewall rules to specific groups of instances.

Full Answer

Assign a network tag (e.g., 'web') to the Web servers and a tag (e.g., 'db') to the Database servers., Create an ingress firewall rule targeting the 'db' tag, with the source filter set to the 'web' tag.

To dynamically apply firewall rules, you should use network tags (or service accounts). By tagging the web servers as 'web' and database servers as 'db', you can create a single ingress firewall rule. The rule's target is the 'db' tag (applying it to the database servers), and the source filter is the 'web' tag (allowing only traffic from the web servers).

Common mistakes

Trying to use destination tags in an egress rule (GCP does not support destination tags, only source tags/service accounts).

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 3

More questions from this exam