You are managing an application that runs in Compute Engine. The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer. A firewall rule allows access to the API port from 0.0.0.0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps. What should you do first?
A. Enable Packet Mirroring on the VPC.
B. Install the Ops Agent on the Compute Engine instances.
C. Enable logging on the firewall rule.
D. Enable VPC Flow Logs on the subnet.
Disclaimer
This is a practice question. There is no guarantee that this question will appear in the certification exam.
Answer
D
Explanation
A. Enable Packet Mirroring on the VPC.
(Not helpful.)
B. Install the Ops Agent on the Compute Engine instances.
(It’s for logging and monitoring, not for traffic flow logs.)
C. Enable logging on the firewall rule.
(Not helpful.)
D. Enable VPC Flow Logs on the subnet.
(“VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as GKE nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.”
Source: https://cloud.google.com/vpc/docs/using-flow-logs)