Your Google Cloud organization allows for administrative capabilities to be distributed to each team through provision of a Google Cloud project with Owner role (roles/owner). The organization contains thousands of Google Cloud projects. Security Command Center Premium has surfaced multiple OPEN_MYSQL_PORT findings. You are enforcing the guardrails and need to prevent these types of common misconfigurations. What should you do?
A. Create a hierarchical firewall policy configured at the organization to deny all connections from 0.0.0.0/0.
B. Create a hierarchical firewall policy configured at the organization to allow connections only from internal IP ranges.
C. Create a Google Cloud Armor security policy to deny traffic from 0.0.0.0/0.
D. Create a firewall rule for each virtual private cloud (VPC) to deny traffic from 0.0.0.0/0 with priority 0.
Disclaimer
This is a practice question. There is no guarantee that this question will appear in the certification exam.
Answer
B
Explanation
A. Create a hierarchical firewall policy configured at the organization to deny all connections from 0.0.0.0/0.
(0.0.0.0/0 matches every source, internal ranges included, so an organization-wide deny would cut off legitimate intra-VPC traffic and Google-managed sources such as load balancer health-check ranges unless each one is carved out with a higher-priority allow. Denying everything and then maintaining exceptions across thousands of projects is not a workable guardrail. The least-privilege approach is to allow the traffic that is needed and deny the specific exposure, which is what the next option does.)
B. Create a hierarchical firewall policy configured at the organization to allow connections only from internal IP ranges.
(This is the right answer. A hierarchical firewall policy attached at the organization node is evaluated before any project's own VPC firewall rules and cannot be edited or bypassed by a project Owner, so one policy covers thousands of projects and keeps holding even when a team opens a port in its own VPC. One caveat on the wording: an org-level allow rule only decides traffic that matches it; anything else proceeds to the VPC rules, where the project's own 0.0.0.0/0 rule on tcp:3306 would still let it through. To make the policy an actual guardrail, pair the allow for internal ranges with a lower-priority deny for tcp:3306 (and the other database ports for which Security Command Center raises OPEN_*_PORT findings) from 0.0.0.0/0.)
C. Create a Google Cloud Armor security policy to deny traffic from 0.0.0.0/0.
(Google Cloud Armor security policies attach to external load balancers and protect the HTTP(S) workloads behind them. They do not filter traffic that arrives directly at a VM's external IP address, which is exactly what an OPEN_MYSQL_PORT finding describes, so Cloud Armor is the wrong layer for this exposure.)
D. Create a firewall rule for each virtual private cloud (VPC) to deny traffic from 0.0.0.0/0 with priority 0.
(Per-VPC rules do not scale across thousands of projects, and more importantly they are not a guardrail: a project Owner can edit or delete any firewall rule in their own VPC, including one at priority 0, and reopen the port. Only a policy enforced above the project, at the organization or folder level, is outside the team's control.)
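The caveat on option B is easiest to see by walking a packet through the evaluation order. The following Python model is an added example for this question, not code from the original page or from Google; it implements only the part of the documented order that matters here (organization-level hierarchical policy rules by priority, then the project's VPC firewall rules, then the implied ingress deny) and ignores folder policies, target tags and protocols other than TCP. All rule names, CIDRs and client IP addresses are constructed for the illustration.

```python
"""Constructed model of how Google Cloud evaluates an ingress packet against a
hierarchical firewall policy and then a VPC's own firewall rules. Added for
this question; not Google's code. It handles only TCP ingress by source range
and port and ignores folder policies, targets and tags."""

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int        # lower number = evaluated first
    action: str          # "allow", "deny", or "goto_next" (hierarchical policies only)
    src_ranges: tuple    # source CIDRs
    ports: tuple = ()    # TCP ports; empty means any port
    name: str = ""       # hypothetical rule name, for reporting only

    def matches(self, src_ip: str, port: int) -> bool:
        ip = ipaddress.ip_address(src_ip)
        in_src = any(ip in ipaddress.ip_network(c) for c in self.src_ranges)
        return in_src and (not self.ports or port in self.ports)


def evaluate(org_policy, vpc_rules, src_ip, port):
    """Return (verdict, deciding rule name) for one ingress packet.

    Organization policy rules are checked first in priority order. The first
    match with allow/deny decides; goto_next stops evaluating this policy and
    hands the packet to the next level. Traffic no org rule matches proceeds
    to the project's VPC rules, and if nothing matches there the implied
    ingress deny applies."""
    for rule in sorted(org_policy, key=lambda r: r.priority):
        if rule.matches(src_ip, port):
            if rule.action == "goto_next":
                break
            return rule.action, rule.name
    for rule in sorted(vpc_rules, key=lambda r: r.priority):
        if rule.matches(src_ip, port):
            return rule.action, rule.name
    return "deny", "implied-ingress-deny"


INTERNAL = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# The misconfiguration behind an OPEN_MYSQL_PORT finding (constructed): a
# project Owner opened tcp:3306 to the whole internet in their own VPC.
VPC_RULES = [Rule(1000, "allow", ("0.0.0.0/0",), (3306,), "allow-mysql-from-anywhere")]

# Option B exactly as worded: an org-level allow for internal ranges only.
OPTION_B_ALLOW_ONLY = [Rule(1000, "allow", INTERNAL, (), "org-allow-internal")]

# Option B turned into an enforceable guardrail: the same allow, plus a
# lower-priority deny so external hits on 3306 never reach the project's rules.
OPTION_B_WITH_DENY = OPTION_B_ALLOW_ONLY + [
    Rule(2000, "deny", ("0.0.0.0/0",), (3306,), "org-deny-mysql-from-external"),
]

# Option A as worded: deny every source, which is every packet.
OPTION_A_DENY_ALL = [Rule(1000, "deny", ("0.0.0.0/0",), (), "org-deny-all")]

EXTERNAL_CLIENT = "203.0.113.7"  # documentation range, stands in for the internet
INTERNAL_CLIENT = "10.128.0.5"   # a VM inside the organization's address space


def mysql_reachable(org_policy, src_ip, vpc_rules=VPC_RULES) -> bool:
    """True if a connection to tcp:3306 from src_ip would be allowed."""
    return evaluate(org_policy, vpc_rules, src_ip, 3306)[0] == "allow"


if __name__ == "__main__":
    cases = [
        ("no org policy (the finding)", []),
        ("option B, allow-only", OPTION_B_ALLOW_ONLY),
        ("option B plus deny on 3306", OPTION_B_WITH_DENY),
        ("option A, deny 0.0.0.0/0", OPTION_A_DENY_ALL),
    ]
    for label, policy in cases:
        ext = evaluate(policy, VPC_RULES, EXTERNAL_CLIENT, 3306)
        internal = evaluate(policy, VPC_RULES, INTERNAL_CLIENT, 3306)
        print(f"{label:28} external -> {ext[0]:5} ({ext[1]})  "
              f"internal -> {internal[0]:5} ({internal[1]})")
```

Running it shows the four outcomes the explanation argues for: with no org policy the project's rule exposes MySQL; the allow-only version of option B leaves it exposed because the external packet matches no org rule and falls through; adding the org-level deny closes it while internal clients still connect; option A closes it but also blocks the internal client. In gcloud, the deny rule corresponds to `gcloud compute firewall-policies rules create` with `--action=deny --direction=INGRESS --src-ip-ranges=0.0.0.0/0 --layer4-configs=tcp:3306` on a policy associated with the organization.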