Your organization just created a custom-mode VPC network named prod-net and added a single subnet with the IP range 10.10.0.0/24 in us-central1. A VM instance in the subnet can access the public Internet, but attempts to SSH in from the corporate data-center's public IP address consistently time out. No other networking resources have been configured. To enable administrators to connect over TCP port 22 from the data-center, which fundamental VPC component must you create in prod-net without changing the existing subnet or VM configuration?
Create a firewall rule that allows TCP port 22 from the data-center's public IP range.
Create a custom static route that targets the VM's internal IP range.
Enable VPC Flow Logs on the subnet to permit inbound connections.
Attach a Cloud Router to prod-net to advertise on-premises prefixes.
Every VPC network contains routes and two implied firewall rules: one that allows all egress traffic and one that denies all ingress traffic. Custom-mode networks do not include any additional "allow" rules. Because the administrators are trying to initiate inbound SSH sessions, traffic is being blocked by the implied deny-ingress rule. Adding a firewall rule that permits TCP 22 from the data-center's source IP range explicitly authorizes that inbound traffic. Creating routes, enabling VPC Flow Logs, or attaching a Cloud Router would not override the default firewall behavior and therefore would not solve the problem.
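The rule evaluation described in the explanation, modeled as an added Python example (not part of the original question and not Google's code). The data-center range 203.0.113.0/24, the rule name allow-ssh-from-dc and priority 1000 are assumed values for illustration; only IPv4 and the first packet of a connection are modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str        # "INGRESS" or "EGRESS"
    action: str           # "allow" or "deny"
    priority: int         # lower number is evaluated first
    ranges: tuple         # source ranges (ingress) or destination ranges (egress)
    protocol: str = "all"
    ports: tuple = ()     # empty tuple means every port

# The two implied rules every VPC network carries, at the lowest priority (65535).
IMPLIED = (
    Rule("implied-allow-egress", "EGRESS", "allow", 65535, ("0.0.0.0/0",)),
    Rule("implied-deny-ingress", "INGRESS", "deny", 65535, ("0.0.0.0/0",)),
)

def matches(rule, direction, peer_ip, protocol, port):
    """True if the rule applies to a packet to/from peer_ip on protocol/port."""
    if rule.direction != direction:
        return False
    if rule.protocol not in ("all", protocol):
        return False
    if rule.ports and port not in rule.ports:
        return False
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(r) for r in rule.ranges)

def evaluate(rules, direction, peer_ip, protocol, port):
    """Return (action, rule name) of the rule that decides the packet."""
    hits = [r for r in tuple(rules) + IMPLIED
            if matches(r, direction, peer_ip, protocol, port)]
    # Lowest priority number wins; at equal priority a deny beats an allow.
    winner = min(hits, key=lambda r: (r.priority, r.action != "deny"))
    return winner.action, winner.name

DC_RANGE = "203.0.113.0/24"  # constructed placeholder for the data-center's public range
# Model of the rule the answer calls for, roughly what this command would create:
#   gcloud compute firewall-rules create allow-ssh-from-dc --network=prod-net \
#     --direction=INGRESS --action=ALLOW --rules=tcp:22 --source-ranges=203.0.113.0/24
ALLOW_SSH = Rule("allow-ssh-from-dc", "INGRESS", "allow", 1000, (DC_RANGE,), "tcp", (22,))

if __name__ == "__main__":
    print(evaluate([], "INGRESS", "203.0.113.10", "tcp", 22))           # before the fix
    print(evaluate([ALLOW_SSH], "INGRESS", "203.0.113.10", "tcp", 22))  # after the fix
    print(evaluate([ALLOW_SSH], "INGRESS", "198.51.100.7", "tcp", 22))  # other sources
```

Scoping the source range to the data-center keeps SSH closed to every other address, which still falls through to the implied deny-ingress rule.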
GCP Associate Cloud Engineer
Setting up a cloud solution environment