A financial services company needs to inspect all inbound and outbound packets from a subnet containing highly sensitive data for compliance. They have enabled VPC Flow Logs on that subnet, which record metadata such as source and destination IP, ports, and protocol. However, the security team requires the actual packet payload to perform deep packet inspection (DPI) for malicious patterns. They want to capture the packets without disrupting network traffic. Which additional configuration should be implemented to meet this requirement?
Packet Mirroring captures full packet payloads without affecting live traffic.
Why this answer
Option C is correct because Packet Mirroring clones all packets (including payload) from a source instance in the subnet and forwards them to a collector instance for deep packet inspection, without disrupting the original traffic flow. VPC Flow Logs only capture metadata (headers, timestamps) and cannot include payload content, making Packet Mirroring the only solution that meets the requirement for actual packet payload capture.
Exam trap
Google Cloud often tests the distinction between metadata logging (VPC Flow Logs) and full packet capture (Packet Mirroring), and the trap here is assuming VPC Flow Logs can be configured to include payloads, which is technically impossible in GCP.
How to eliminate wrong answers
Option A is wrong because Cloud Armor only inspects and logs HTTP/HTTPS traffic at the edge, not all inbound/outbound packets from the subnet, and it cannot capture payloads for non-HTTP protocols or for traffic that does not pass through the Cloud Armor proxy.
Option B is wrong because VPC Flow Logs do not support an 'include payload' setting; they are limited to metadata such as IP addresses, ports, and protocol numbers, and never capture packet payloads.
Option D is wrong because Cloud NAT logging only records metadata about outbound connections (source/destination IPs, ports) and does not capture packet payloads; it is designed for connection tracking, not deep packet inspection.