In a Google Cloud firewall rule, which component specifies where the incoming traffic originates from?
Think about where the traffic comes from before it reaches your resources.
The source in a firewall rule defines the IP addresses or ranges where the traffic originates. It controls which external or internal IPs can send traffic.
Which part of a GCP firewall rule defines the instances or resources that the rule applies to?
Think about which virtual machines or resources the rule protects.
The target in a firewall rule specifies which instances or resources the rule applies to, often by using network tags or service accounts.
What happens if a GCP firewall rule specifies tcp as the protocol but traffic arrives using udp?
Consider how firewall rules filter traffic by protocol type.
Firewall rules filter traffic based on the specified protocol. If the protocol does not match, the rule does not apply, so the traffic is denied if no other rule allows it.
What is a potential security risk of setting the source IP range to 0.0.0.0/0 in a GCP firewall rule?
Think about what 0.0.0.0/0 means in networking.
Setting the source to 0.0.0.0/0 means any IP address can send traffic, which can expose resources to the internet and increase attack risk.
You have a multi-tier application with web, app, and database layers in GCP. Which firewall rule setup best isolates the database layer from direct internet access while allowing the app layer to communicate with it?
Consider the principle of least privilege and network segmentation.
Best practice is to restrict database access to the app layer only, using network tags and specific ports, which prevents direct internet access.