Q: 5
A security team needs to analyze network traffic patterns for auditing and anomaly
detection. They require a complete record of all TCP/UDP traffic flowing through the
VPC network, including source/destination IP, ports, and protocol. Which GCP
feature should be enabled?
Options
Discussion
Option A, but only because analysts need centralized raw data access. If it said edge analytics, I'd rethink.
Option B is the best fit. VPC Flow Logs capture all traffic details for the entire VPC, including IPs, ports, and protocols, which is exactly what the security team needs. Pretty sure about this, unless I missed a subtle requirement?
B is the right pick here. VPC Flow Logs actually gives you those packet-level details like source/dest IP and ports for all VPC subnet traffic. The others won’t capture everything needed for auditing patterns like this. Pretty sure about B but open if anyone’s seen another use case.
A
Cloud Audit Logs (C) just track API activity, not network flows. A is only for NAT traffic. For all TCP/UDP flows with IPs and ports, it has to be B, VPC Flow Logs. Anyone see a case where D fits better?
I remember a similar scenario from labs on a practice exam; B was correct. VPC Flow Logs capture all that detailed traffic info the security team needs. Not seeing how A or C could give full packet-level visibility.
A tbh, B is a trap here since it doesn't address centralized analyst access with BigQuery like A does.
A imo, but if the data is batch uploaded instead of streaming, C might make sense. Depends if IoT Core is required.
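Added example, not part of the discussion above and not Google's code: a sketch of the kind of audit check the question describes, reading the source/destination IP, port and protocol fields from VPC Flow Logs entries and flagging a source that reaches many distinct ports on one destination. The field names follow the VPC Flow Logs record format; the log lines, project name, function names and the `min_ports` threshold are constructed assumptions.

```python
import json
from collections import defaultdict

PROTOCOLS = {6: "TCP", 17: "UDP"}  # IANA protocol numbers used in flow records

def _sample(src, dst, dport, proto=6, sent="420"):
    """Build one constructed log line shaped like a VPC Flow Logs entry."""
    conn = {"src_ip": src, "src_port": 50000, "dest_ip": dst,
            "dest_port": dport, "protocol": proto}
    return json.dumps({
        "logName": "projects/example-project/logs/compute.googleapis.com%2Fvpc_flows",
        "jsonPayload": {"connection": conn, "bytes_sent": sent, "reporter": "SRC"}})

# Constructed sample data, not real traffic.
SAMPLE_LINES = (
    [_sample("10.0.0.5", "10.0.1.9", p) for p in (22, 23, 80, 443, 3389, 8080)]
    + [_sample("10.0.0.7", "10.0.1.9", 443, sent="9000")] * 3
    + [_sample("10.0.0.8", "10.0.1.10", 53, proto=17),
       "not json",                                    # malformed line
       _sample("10.0.0.9", "10.0.1.9", 0, proto=1)]   # ICMP, not TCP/UDP
)

def parse_flow(line):
    """Return the TCP/UDP flow fields from one log line, or None if unusable."""
    try:
        payload = json.loads(line)["jsonPayload"]
        conn = payload["connection"]
        proto = PROTOCOLS.get(int(conn["protocol"]))
        if proto is None:  # other protocols are out of scope for this check
            return None
        return {"src_ip": conn["src_ip"], "dest_ip": conn["dest_ip"],
                "dest_port": int(conn["dest_port"]), "protocol": proto,
                "bytes_sent": int(payload.get("bytes_sent", 0))}
    except (ValueError, KeyError, TypeError):
        return None

def wide_port_fanout(lines, min_ports=5):
    """Map (src_ip, dest_ip) -> sorted ports for pairs touching >= min_ports ports."""
    ports = defaultdict(set)
    for flow in filter(None, map(parse_flow, lines)):
        ports[(flow["src_ip"], flow["dest_ip"])].add(flow["dest_port"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for (src, dst), seen in wide_port_fanout(SAMPLE_LINES).items():
        print(f"{src} -> {dst}: {len(seen)} distinct destination ports {seen}")
```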