Hard · 1 mark · Multiple Choice

GCP ACE · Question 30 · Domain 3.5: Deploying and implementing networking resources

You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic from the public internet, but ONLY to specific instances that serve as web servers. You want to manage this using network tags.

Which TWO actions must you take? (Select TWO)

Answer options:

A. Create an ingress firewall rule allowing tcp:80 with the source range 0.0.0.0/0

B. Set the target tags of the firewall rule to 'web-server' and apply the 'web-server' tag to the specific instances

C. Set the source tags of the firewall rule to 'web-server'

D. Create an egress firewall rule allowing tcp:80 to 0.0.0.0/0

E. Apply the 'http-server' tag to all instances in the VPC

How to approach this question

Understand the direction of traffic (ingress) and how to apply rules to specific VMs (target tags).

Full Answer

A. Create an ingress firewall rule allowing tcp:80 with the source range 0.0.0.0/0
B. Set the target tags of the firewall rule to 'web-server' and apply the 'web-server' tag to the specific instances

To allow incoming traffic from the internet, you need an 'ingress' firewall rule with a source IP range of `0.0.0.0/0`. To restrict this rule so it only applies to specific VMs, you use 'target tags'. You define a target tag (e.g., 'web-server') on the firewall rule, and then add that same tag to the network interfaces of the specific Compute Engine instances.

Common mistakes

Confusing target tags (which VMs the rule applies to) with source tags (where the traffic is coming from).
