Google Cloud Platform: LDAP Server Deployment on Compute Engine | Reachability Guide

Ensure Reachability of LDAP Server on Compute Engine

Question

You deployed an LDAP server on Compute Engine that is reachable via TLS through port 636 using UDP.

You want to make sure it is reachable by clients over that port.

What should you do?

Answers

Explanations


Correct answer: C.

The correct answer is C: Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag. The tag by itself changes nothing; it is the ingress firewall rule targeting that tag that opens the port.

Here's why:

First, let's clarify some terms:

  • Network tags: These are plain-text labels attached to Compute Engine instances. A firewall rule can name one or more tags as its target (and, for ingress rules, as its source), so the rule applies to every instance in the VPC network that carries that tag. A tag grants nothing on its own; it is only a selector that firewall rules can reference. Because anyone who can edit an instance can also change its tags, environments that need tighter control often use target service accounts instead of tags.

  • Firewall rules: These define what traffic is allowed into (ingress) or out of (egress) instances in a VPC network. Each rule has a direction, an action (allow or deny), a protocol and port list, a priority (a lower number is evaluated first), and targets (all instances, instances with given network tags, or instances running as a given service account). Ingress rules also carry source ranges, which should be restricted to the client subnets rather than left at 0.0.0.0/0. Every VPC network has implied rules at the lowest priority: deny all ingress and allow all egress. VPC firewall rules are stateful, so replies to allowed ingress connections are permitted without a separate egress rule.

  • LDAP: This is a protocol used for accessing and maintaining distributed directory information services over a network. LDAP wrapped in TLS (LDAPS) is conventionally served on port 636 over TCP; this question stipulates UDP, so the rule must match what the question states, but in a real deployment check which transport your server actually listens on before writing the rule.

Now let's look at the options:

A. Add the network tag allow-udp-636 to the VM instance running the LDAP server.

This option suggests adding a network tag of "allow-udp-636" to the VM instance running the LDAP server. The tag name looks like a rule, but a tag is only a label; unless a firewall rule exists whose target is that tag, no rule matches the client's packets and the network's implied deny-all-ingress rule still blocks port 636. Therefore, option A is not correct.

B. Create a route called allow-udp-636 and set the next hop to be the VM instance running the LDAP server.

This option is also not correct. Routes decide where a packet is forwarded based on its destination (the next hop); they do not open ports or override firewall rules, which are evaluated independently. Setting a VM instance as a route's next hop is used for NAT gateways, proxies, or VPN appliances that forward traffic for other destinations, not for reaching a service hosted on the VM itself. Clients in the VPC already have a route to the LDAP server's subnet; what is missing is an ingress firewall rule.

C. Add a network tag of your choice to the instance. Create a firewall rule to allow ingress on UDP port 636 for that network tag.

This is the correct answer. By adding a network tag to the LDAP server instance, we can group it with any other instances that must accept traffic on port 636. Then we create an ingress firewall rule on the instance's VPC network that allows UDP port 636 for instances with that tag. The rule should list only the client subnets as source ranges, so that the directory is not reachable from arbitrary addresses. Because the network's implied rules already allow egress and the firewall is stateful, no egress rule is needed for the server's replies. After creating the rule, confirm that the instance actually carries the tag, that the rule is attached to the same VPC network as the instance's interface, and that no higher-priority deny rule matches the same traffic.

D. Add a network tag of your choice to the instance running the LDAP server. Create a firewall rule to allow egress on UDP port 636 for that network tag.

This option is not correct because it allows traffic to leave the instance on port 636, rather than allowing traffic to reach the instance on port 636. Egress rules control the traffic leaving an instance, not the traffic coming into it. Egress on every port is already permitted by the network's implied allow-egress rule, so this rule adds nothing, and the implied deny-ingress rule still drops the clients' packets.
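To make the difference between the four options concrete, the following is an added example, not part of the original page and not Google's code: a small Python model of how VPC firewall evaluation works (direction, target tags, protocol and port, source ranges, priority, and the implied deny-ingress / allow-egress defaults). The instance tags, rule names, client addresses and the 10.10.0.0/16 client range are constructed for the example. It models firewall rules only; routes (option B) are not part of firewall evaluation and are not modelled.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class FirewallRule:
    """Simplified VPC firewall rule (model of GCP semantics, not the real API)."""
    name: str
    direction: str                                  # "INGRESS" or "EGRESS"
    action: str                                     # "allow" or "deny"
    protocol: str                                   # "tcp", "udp" or "all"
    ports: set = field(default_factory=set)         # empty set means all ports
    priority: int = 1000                            # lower number is evaluated first
    target_tags: set = field(default_factory=set)   # empty means every instance
    source_ranges: list = field(default_factory=list)  # ingress only; empty = 0.0.0.0/0


@dataclass
class Packet:
    direction: str   # direction relative to the instance being evaluated
    protocol: str
    port: int
    src_ip: str


def rule_matches(rule, packet, instance_tags):
    """True if this rule applies to this packet arriving at / leaving an instance with these tags."""
    if rule.direction != packet.direction:
        return False
    if rule.target_tags and not (rule.target_tags & instance_tags):
        return False
    if rule.protocol != "all" and rule.protocol != packet.protocol:
        return False
    if rule.ports and packet.port not in rule.ports:
        return False
    if packet.direction == "INGRESS":
        # An ingress rule with no explicit sources applies to any source.
        ranges = rule.source_ranges or ["0.0.0.0/0"]
        src = ipaddress.ip_address(packet.src_ip)
        if not any(src in ipaddress.ip_network(r) for r in ranges):
            return False
    return True


def is_allowed(rules, packet, instance_tags):
    """Evaluate rules lowest-priority-number first; first match decides.

    If nothing matches, apply the implied rules every VPC network has:
    deny all ingress, allow all egress.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, packet, instance_tags):
            return rule.action == "allow"
    return packet.direction == "EGRESS"


# Constructed scenario: the LDAP server is tagged "ldap-server" and a client
# in the 10.10.0.0/16 subnet sends a UDP datagram to port 636.
LDAP_TAGS = {"ldap-server"}
CLIENT_PKT = Packet("INGRESS", "udp", 636, "10.10.0.25")
INGRESS_RULE = FirewallRule("allow-ldap-udp-636", "INGRESS", "allow", "udp", {636},
                            target_tags=LDAP_TAGS, source_ranges=["10.10.0.0/16"])
EGRESS_RULE = FirewallRule("allow-ldap-udp-636-egress", "EGRESS", "allow", "udp", {636},
                           target_tags=LDAP_TAGS)


def option_a():
    # Only a tag named like a rule, no rule referencing it: implied deny-ingress wins.
    return is_allowed([], CLIENT_PKT, {"allow-udp-636"})


def option_c():
    # Tag on the instance plus an ingress rule targeting that tag.
    return is_allowed([INGRESS_RULE], CLIENT_PKT, LDAP_TAGS)


def option_d():
    # Tag on the instance plus an egress rule: still no ingress rule matches.
    return is_allowed([EGRESS_RULE], CLIENT_PKT, LDAP_TAGS)


def option_c_from_outside():
    # Same rule as C, but a client outside the permitted source range is still denied.
    return is_allowed([INGRESS_RULE], Packet("INGRESS", "udp", 636, "203.0.113.7"), LDAP_TAGS)


def option_c_over_tcp():
    # A UDP-only rule does not admit TCP 636, which is what LDAPS clients usually use.
    return is_allowed([INGRESS_RULE], Packet("INGRESS", "tcp", 636, "10.10.0.25"), LDAP_TAGS)


if __name__ == "__main__":
    for name, fn in [("A", option_a), ("C", option_c), ("D", option_d),
                     ("C, client outside range", option_c_from_outside),
                     ("C, client using TCP", option_c_over_tcp)]:
        print(f"option {name}: {'allowed' if fn() else 'denied'}")
```

The last two checks are the practical caveats: the rule's source ranges, not just the port, decide which clients get in, and if the server turns out to listen on TCP 636 (the usual LDAPS transport) a UDP-only rule leaves it unreachable. On a real project the equivalent of option C is applied with gcloud compute instances add-tags for the tag and gcloud compute firewall-rules create with direction INGRESS, rules udp:636, the target tag, and the client source ranges.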