Domain 3.5: Deploying and implementing networking resources — GCP ACE Practice Question 30

How to approach this question

Understand how source tags and target tags work in GCP firewall rules.

Full Answer

Add the tag 'app-server' to the application instances and 'db-server' to the database instances., Create an ingress firewall rule targeting 'db-server' that allows port 3306 from source tags 'app-server'.

In Google Cloud, firewall rules can use network tags to identify instances. To restrict traffic, you tag your instances appropriately (e.g., 'app-server' and 'db-server'). Then, you create an ingress firewall rule. The 'target tag' is 'db-server' (meaning the rule applies to the databases), and the 'source tag' is 'app-server' (meaning only traffic originating from VMs with that tag is allowed).

Common mistakes

Confusing source tags and target tags, or creating egress rules instead of ingress rules.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 7

More questions from this exam