Quiz - Monitoring & Cloud Network Fundamentals

From Void-Byte
Revision as of 14:32, 27 April 2020 by Bgrambo

Question 1. You can do some monitoring with Stackdriver without the Monitoring agent

(Using the Monitoring agent is optional but recommended. Monitoring can access some instance metrics without the Monitoring agent, including CPU utilization, some disk traffic metrics, network traffic, and uptime information. Monitoring uses the Monitoring agent to access additional system resources and application services in virtual machine (VM) instances. If you want these additional capabilities, you should install the Monitoring agent. https://cloud.google.com/monitoring/agent)
True

Question 2. Subnets can be regional or global.

(A VPC network is a global resource, but individual subnets are regional resources. https://cloud.google.com/compute/docs/regions-zones/global-regional-zonal-resources)
False

Question 3. A subnet is essentially the same thing as a (VPC) network in Google Cloud

(A subnet is not the same thing as a (VPC) network. Networks and subnets are different types of objects in Google Cloud. https://cloud.google.com/vpc/docs/vpc)
False

Question 4. The deny-all-ingress and allow-all-egress rules have a priority of _______

(Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud. A higher priority firewall rule may restrict outbound access. Internet access is allowed if no other firewall rules deny outbound traffic and if the instance has an external IP address or uses a Cloud NAT instance. For more information, see Internet access requirements.

Implied deny ingress rule. An ingress rule whose action is deny, source is 0.0.0.0/0, and priority is the lowest possible (65535) protects all instances by blocking incoming traffic to them. A higher priority rule might allow incoming access. The default network includes some additional rules that override this one, allowing certain types of incoming traffic. https://cloud.google.com/vpc/docs/firewalls#more_rules_default_vpc)
65534

Question 5. Ephemeral IP addresses are retained when an instance is stopped and restarted.

(Ephemeral IPs are released when an instance is stopped, but a new ephemeral IP address is acquired when the instance is restarted. https://cloud.google.com/compute/docs/instances/instance-life-cycle)
False

Question 6. VPC networks support the following within the network:

(VPC networks only support IPv4 unicast traffic. They do not support broadcast, multicast, or IPv6 traffic within the network; VMs in the VPC network can only send to IPv4 destinations and only receive traffic from IPv4 sources. However, it is possible to create an IPv6 address for a global load balancer. https://cloud.google.com/vpc/docs/vpc)
IPv4 Unicast

Question 7. Select the firewall rules that are pre-populated in the default network

(The default network is pre-populated with firewall rules that allow incoming traffic to instances. These rules can be deleted or modified as necessary:

default-allow-internal
Allows ingress connections for all protocols and ports among instances in the network. This rule has the second-to-lowest priority of 65534, and it effectively permits incoming connections to VM instances from others in the same network.
default-allow-ssh
Allows ingress connections on TCP port 22 from any source to any instance in the network. This rule has a priority of 65534.
default-allow-rdp
Allows ingress connections on TCP port 3389 from any source to any instance in the network. This rule has a priority of 65534, and it enables connections to instances running the Microsoft Remote Desktop Protocol (RDP).
default-allow-icmp
Allows ingress ICMP traffic from any source to any instance in the network. This rule has a priority of 65534, and it enables tools such as ping.
https://cloud.google.com/vpc/docs/firewalls)

default-allow-internal
default-allow-ssh
default-allow-rdp
default-allow-icmp

Question 8. The action taken by a firewall rule is either allow or deny

(Google Cloud firewall rules let you allow or deny traffic to and from your virtual machine (VM) instances based on a configuration that you specify. https://cloud.google.com/vpc/docs/firewalls)
True