In your project my-project, you have two subnets in a Virtual Private Cloud (VPC): subnet-a with IP range 10.128.0.0/20 and subnet-b with IP range 172.16.0.0/24. You need to deploy database servers in subnet-a. You will also deploy the application servers and web servers in subnet-b. You want to configure firewall rules that only allow database traffic from the application servers to the database servers. What should you do?
A. Create network tag app-server and service account [email protected]. Add the tag to the application servers, and associate the service account with the database servers.
Run the following command:
gcloud compute firewall-rules create app-db-firewall-rule \
--action allow \
--direction ingress \
--rules tcp:3306 \
--source-tags app-server \
--target-service-accounts [email protected]
B. Create service accounts [email protected] and [email protected]. Associate service account sa-app with the application servers, and associate the service account sa-db with the database servers.
Run the following command:
gcloud compute firewall-rules create app-db-firewall-rule \
--allow TCP:3306 \
--source-service-accounts [email protected] \
--target-service-accounts [email protected]
C. Create service accounts [email protected] and [email protected]. Associate the service account sa-app with the application servers, and associate the service account sa-db with the database servers.
Run the following command:
gcloud compute firewall-rules create app-db-firewall-rule \
--allow TCP:3306 \
--source-ranges 10.128.0.0/20 \
--source-service-accounts [email protected] \
--target-service-accounts [email protected]
D. Create network tags app-server and db-server. Add the app-server tag to the application servers, and add the db-server tag to the database servers.
Run the following command:
gcloud compute firewall-rules create app-db-firewall-rule \
--action allow \
--direction ingress \
--rules tcp:3306 \
--source-ranges 10.128.0.0/20 \
--source-tags app-server \
--target-tags db-server
Answer
B