PCSE Configuring network security • Complete Question Bank
Complete PCSE Configuring network security question bank — all 0 questions with answers and detailed explanations.
You have a Compute Engine VM that hosts a custom application. The VM has a tag 'app-server' and is in a VPC network with the following firewall rules (priority order from lowest to highest):
Rule 1: Priority 1000, direction INGRESS, source 0.0.0.0/0, target tag 'app-server', protocol tcp:80, action allow Rule 2: Priority 500, direction INGRESS, source 10.0.0.0/8, target tag 'app-server', protocol tcp:80, action deny Rule 3: Priority 2000, direction INGRESS, source 192.168.0.0/16, target tag 'app-server', protocol tcp:80, action allow
A user from IP 10.0.0.5 tries to access the application on port 80. Will the request be allowed or denied?
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
DDoS protection and WAF
Centralized security and risk management
Intrusion detection for network traffic
Logs of Google staff access to customer data
Data exfiltration prevention via service perimeters
Drag a concept onto its matching description — or click a concept then click the description.
Data protected while traveling over networks
Data protected when stored on disk
Customer-supplied encryption keys for Google Cloud resources
Customer-managed encryption keys via Cloud KMS
Google-managed encryption keys for all data at rest
Refer to the exhibit. ``` $ gcloud compute firewall-rules describe allow-ssh kind: compute#firewall name: allow-ssh network: default direction: INGRESS priority: 1000 sourceRanges: - 203.0.113.0/24 allowed: - IPProtocol: tcp ports: - '22' targetTags: - ssh-access ```
Refer to the exhibit. ``` $ gcloud compute networks subnets describe my-subnet --region=us-central1 cidr: 10.0.0.0/24 privateIpGoogleAccess: true enableFlowLogs: true ```
Refer to the exhibit. ``` $ gcloud compute routes describe default-route-0e1f destRange: 0.0.0.0/0 network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default nextHopGateway: https://www.googleapis.com/compute/v1/projects/my-project/global/gateways/default-internet-gateway priority: 1000 tags: [] ```
Refer to the exhibit. gcloud compute firewall-rules list --format="table(name, network, sourceRanges, allowed, direction, priority)" NAME NETWORK SOURCE_RANGES ALLOWED DIRECTION PRIORITY default-allow-http default 0.0.0.0/0 tcp:80 INGRESS 1000 default-allow-https default 0.0.0.0/0 tcp:443 INGRESS 1000 default-allow-icmp default 0.0.0.0/0 icmp INGRESS 65534 default-allow-rdp default 0.0.0.0/0 tcp:3389 INGRESS 65534 default-allow-ssh default 0.0.0.0/0 tcp:22 INGRESS 65534 default-deny-all-ingress default 0.0.0.0/0 all INGRESS [IMPLIED]
{
"name": "allow-api-traffic",
"priority": 1000,
"direction": "INGRESS",
"allowed": [{"IPProtocol": "tcp", "ports": ["443"]}],
"sourceServiceAccounts": ["api-sa@project.iam.gserviceaccount.com"],
"targetTags": ["api-instances"]
}