In Google Cloud Platform, firewall rules have a priority number. What happens when two firewall rules apply to the same VM and have conflicting actions but different priorities?
Think about priority as a ranking where smaller numbers mean higher importance.
In GCP firewall rules, the priority is an integer from 0 to 65535 (default 1000), and a lower number means higher priority. When several rules match the same traffic, the matching rule with the lowest priority number decides the action and evaluation stops there; the conflicting rule with the larger number is never reached. If two matching rules share the same priority and conflict, the deny rule wins.
You create a firewall rule in GCP with direction set to INGRESS. Which traffic does this rule control?
Ingress means 'coming in'.
Ingress firewall rules control traffic arriving at the VM and are matched on where it comes from (source IP ranges, source tags or source service accounts); egress rules control traffic leaving the VM and are matched on its destination. Every VPC network also carries two implied rules at priority 65535: deny all ingress and allow all egress, which apply only when no other rule matches.
You want to create a GCP firewall rule that allows SSH (port 22) access only from the IP address 203.0.113.5. Which configuration is correct?
SSH uses TCP on port 22. The source range must cover exactly that one address.
To restrict SSH access to a single IP, create an INGRESS rule with action allow, protocol and port tcp:22, and source range 203.0.113.5/32 (the /32 mask matches exactly one address). Scope the rule with target tags or a target service account so it applies only to the VMs that should accept SSH; a rule with no target applies to every VM in the network. The rule only permits that one source: if a broader allow rule for port 22 exists, such as the default network's default-allow-ssh rule (priority 65534, tcp:22 from 0.0.0.0/0), it must be deleted or overridden by a higher-priority deny, or SSH stays open to everyone.
You create a firewall rule with deny action, priority 100, and source IP range 10.0.0.0/8. Another rule allows all traffic with priority 200. What will happen to traffic from 10.0.0.5?
Remember that lower priority numbers mean higher priority and deny rules block traffic.
The deny rule at priority 100 matches 10.0.0.5 (it lies inside 10.0.0.0/8) and is evaluated before the allow rule at priority 200, so the traffic is blocked; the allow rule is never consulted for that source. Traffic from an address outside 10.0.0.0/8 does not match the deny rule and is allowed by the priority-200 rule.
You have a multi-tier application with web servers, app servers, and database servers in separate subnetworks. You want to allow web servers to talk to app servers on port 8080, app servers to talk to database servers on port 5432, and block all other traffic between tiers. Which firewall rule setup achieves this?
Think about controlling incoming traffic on each server tier from the correct source subnet and port.
On the app tier, allow ingress tcp:8080 from the web subnet; on the database tier, allow ingress tcp:5432 from the app subnet; scope each rule with target tags or a target service account so it applies only to that tier. Then add a deny rule with a larger priority number than the allows (so it is evaluated after them) that blocks all traffic between the three subnets. The explicit deny matters because the implied deny only applies when nothing else matches: a broader allow rule such as the default network's default-allow-internal (priority 65534, all tcp, udp and icmp from 10.128.0.0/9) would otherwise let any tier reach any other tier on any port.
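The evaluation order behind questions 1, 3, 4 and 5, as an added example that is not part of the original quiz: a small Python model of how GCP orders VPC firewall rules (lowest priority number first, deny wins a tie, implied deny-ingress and allow-egress at 65535), run against the rule sets from the questions above. The rule names, the three subnet ranges, the VM tags and the simplified version of default-allow-internal are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

IMPLIED_PRIORITY = 65535  # priority of the implied deny-ingress / allow-egress rules


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str           # "INGRESS" or "EGRESS"
    priority: int            # 0 (evaluated first) .. 65535 (evaluated last)
    action: str              # "allow" or "deny"
    ranges: tuple            # source CIDRs for INGRESS, destination CIDRs for EGRESS
    protocol: str = "all"    # "tcp", "udp", "icmp" or "all"
    ports: tuple = ()        # empty tuple = every port of that protocol
    target_tags: tuple = ()  # empty tuple = every VM in the network

    def matches(self, vm_tags, remote_ip, proto, port):
        """True if this rule applies to the VM (by tag) and to this packet."""
        if self.target_tags and not set(self.target_tags) & set(vm_tags):
            return False
        ip = ipaddress.ip_address(remote_ip)
        if not any(ip in ipaddress.ip_network(r) for r in self.ranges):
            return False
        if self.protocol != "all" and self.protocol != proto:
            return False
        return not self.ports or port in self.ports


# Every VPC network carries these two rules at the lowest possible priority.
IMPLIED_RULES = (
    Rule("implied-deny-ingress", "INGRESS", IMPLIED_PRIORITY, "deny", ("0.0.0.0/0",)),
    Rule("implied-allow-egress", "EGRESS", IMPLIED_PRIORITY, "allow", ("0.0.0.0/0",)),
)


def evaluate(rules, direction, vm_tags, remote_ip, proto, port):
    """Return (action, rule_name) for the rule that decides this packet.

    Matching rules are ordered by priority number, lowest first; the first one
    decides and the rest are never consulted. If two matching rules share a
    priority, the deny rule wins.
    """
    matching = [r for r in (*rules, *IMPLIED_RULES)
                if r.direction == direction and r.matches(vm_tags, remote_ip, proto, port)]
    matching.sort(key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    winner = matching[0]  # the implied rules guarantee at least one match
    return winner.action, winner.name


# Question 4: deny 10.0.0.0/8 at priority 100, allow everything at priority 200.
CONFLICT_RULES = (
    Rule("deny-10-slash-8", "INGRESS", 100, "deny", ("10.0.0.0/8",)),
    Rule("allow-everything", "INGRESS", 200, "allow", ("0.0.0.0/0",)),
)

# Question 3: SSH only from 203.0.113.5 (the /32 covers exactly one address).
SSH_RULES = (
    Rule("allow-ssh-from-admin", "INGRESS", 1000, "allow", ("203.0.113.5/32",), "tcp", (22,)),
)

# Question 5: three tiers in three subnets. The subnet ranges are assumed for
# this example; VMs are identified by the tags "web", "app" and "db".
WEB, APP, DB = "10.128.0.0/20", "10.132.0.0/20", "10.138.0.0/20"
TIER_RULES = (
    Rule("allow-web-to-app", "INGRESS", 1000, "allow", (WEB,), "tcp", (8080,), ("app",)),
    Rule("allow-app-to-db", "INGRESS", 1000, "allow", (APP,), "tcp", (5432,), ("db",)),
    Rule("deny-other-inter-tier", "INGRESS", 2000, "deny", (WEB, APP, DB)),
    # The default network's default-allow-internal rule (priority 65534, source
    # 10.128.0.0/9), simplified here to all protocols. Without the explicit deny
    # above it, it would let every tier reach every other tier on any port.
    Rule("default-allow-internal", "INGRESS", 65534, "allow", ("10.128.0.0/9",)),
)


def main():
    cases = [
        ("Q4  10.0.0.5 -> any VM, tcp/443", CONFLICT_RULES, (), "10.0.0.5", "tcp", 443),
        ("Q4  192.0.2.7 -> any VM, tcp/443", CONFLICT_RULES, (), "192.0.2.7", "tcp", 443),
        ("Q3  203.0.113.5 -> tcp/22", SSH_RULES, (), "203.0.113.5", "tcp", 22),
        ("Q3  203.0.113.6 -> tcp/22", SSH_RULES, (), "203.0.113.6", "tcp", 22),
        ("Q5  web -> app, tcp/8080", TIER_RULES, ("app",), "10.128.0.10", "tcp", 8080),
        ("Q5  web -> db, tcp/5432", TIER_RULES, ("db",), "10.128.0.10", "tcp", 5432),
        ("Q5  app -> db, tcp/5432", TIER_RULES, ("app",), "10.132.0.10", "tcp", 5432),
    ]
    for label, rules, tags, src, proto, port in cases:
        action, name = evaluate(rules, "INGRESS", tags, src, proto, port)
        print(f"{label:34} {action:5} by {name}")


if __name__ == "__main__":
    main()
```

Running the script prints which rule decided each case. Dropping deny-other-inter-tier from TIER_RULES and re-running the "web -> db" case shows the traffic being allowed by default-allow-internal, which is why the explicit deny between the allows and priority 65534 is part of the answer.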