Domain 3.5: Deploying and implementing networking resources — GCP ACE Practice Question 30

How to approach this question

Understand the direction of traffic (ingress) and how to apply rules to specific VMs (target tags).

Full Answer

To allow incoming traffic from the internet, you need an 'ingress' firewall rule with a source IP range of `0.0.0.0/0`. To restrict this rule so it only applies to specific VMs, you use 'target tags'. You define a target tag (e.g., 'web-server') on the firewall rule, and then add that same tag to the network interfaces of the specific Compute Engine instances.

Common mistakes

Confusing target tags (which VMs the rule applies to) with source tags (where the traffic is coming from).

You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic from the public internet, but ONLY to specific instances that serve as web servers. You want to manage this using network tags.

Which TWO actions must you take? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 5

More questions from this exam

You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic from the public internet, but ONLY to specific instances that serve as web servers. You want to manage this using network tags. Which TWO actions must you take? (Select TWO)

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 5

More questions from this exam

You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic from the public internet, but ONLY to specific instances that serve as web servers. You want to manage this using network tags.

Which TWO actions must you take? (Select TWO)