Q: 16
Your company is running out of network capacity to run a critical application in the on-premises data
center. You want to migrate the application to GCP. You also want to ensure that the Security team
does not lose their ability to monitor traffic to and from Compute Engine instances.
Which two products should you incorporate into the solution? (Choose two.)
Options
Discussion
Option A and B work together for this. VPC flow logs cover general network traffic, and firewall logs show what gets blocked or allowed at the GCP firewall. Pretty sure that's what's needed, but open to other takes.
I don’t think it’s C. AB make more sense since we’re talking about network traffic, not just API actions or admin events. Pretty sure E is a common trap here because system logs won’t show all network flow. Disagree?
AB tbh, same combo came up in an exam report I saw. Flow logs pick up the network flows, firewall logs catch the rule hits/blocks, so security keeps full visibility after moving to GCP.
It's A and B. VPC flow logs and firewall logs give the Security team network visibility in GCP, just like they'd have on-prem. Seen similar advice in Google docs and practice exams, so pretty confident here.
B