Your organization has a VPC with several subnets hosting Compute Engine instances. You need to allow SSH access (port 22) to instances in the 'management' subnet from the internet, but only from the office's static IP range (203.0.113.0/24). All other ingress traffic to that subnet should be blocked. Which firewall rule configuration should you create?
Trap 1: Create an ingress rule with target tag 'management', source IP…
Allows SSH from all sources, not just office.
Trap 2: Create an ingress rule with target tag 'management', source IP…
Denies SSH from office, opposite of requirement.
Trap 3: Create an ingress rule with target tag 'management', source IP…
Allows all traffic from office, not just SSH.
- A
Create an ingress rule with target tag 'management', source IP range 0.0.0.0/0, protocol tcp:22, action allow
Why wrong: Allows SSH from all sources, not just office.
- B
Create an ingress rule with target tag 'management', source IP range 203.0.113.0/24, protocol tcp:22, action deny
Why wrong: Denies SSH from office, opposite of requirement.
- C
Create an ingress rule with target tag 'management', source IP range 203.0.113.0/24, protocol tcp:22, action allow
Correct: Targets the subnet's instances via the tag and allows SSH only from the office IP range.
- D
Create an ingress rule with target tag 'management', source IP range 203.0.113.0/24, protocol all, action allow
Why wrong: Allows all traffic from office, not just SSH.