Question 18

Question

You control network traffic for a folder in your Google Cloud environment. Your folder includes
multiple projects and Virtual Private Cloud (VPC) networks You want to enforce on the folder level
that egress connections are limited only to IP range 10.58.5.0/24 and only from the VPC network
dev-vpc." You want to minimize implementation and maintenance effort
What should you do?

Accepted Answer

•
1. Attach external IP addresses to the VMs in scope.
•
2. Define and apply a hierarchical firewall policy on folder level to deny all egress connections and
to allow egress to IP range 10 58.5.0/24 from network dev-vpc.

AmeliaQ · Answer

Option B Similar question came up in official practice and it points to using a hierarchical firewall policy for this scenario.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE