Migrating Critical Application to GCP: Ensuring Security Team's Traffic Monitoring

Incorporating Products for Traffic Monitoring in Compute Engine Instances

Question

Your company is running out of network capacity to run a critical application in the on-premises data center.

You want to migrate the application to GCP.

You also want to ensure that the Security team does not lose their ability to monitor traffic to and from Compute Engine instances.

Which two products should you incorporate into the solution? (Choose two.)

Answers

Correct answers: A. VPC flow logs and B. Firewall logs.

Explanations

https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations

To migrate the critical application from the on-premises data center to GCP without the Security team losing visibility into the traffic to and from its Compute Engine instances, the solution should incorporate two products: VPC Flow Logs and Firewall Rules Logging (the "firewall logs" of the answer choices). Both write to Cloud Logging, where a log sink can route them to BigQuery, Pub/Sub or the team's existing SIEM, so the team keeps the same kind of network-level record it had on premises.

  1. VPC flow logs: VPC (Virtual Private Cloud) Flow Logs are enabled per subnet and record a sample of the network flows sent and received by the VMs in that subnet. Each record carries the 5-tuple (source and destination IP addresses, ports and protocol), byte and packet counts, which side reported the flow (SRC or DEST), and metadata such as the VM name, zone, VPC and subnet. This data supports network troubleshooting and security investigations: it shows who talks to which instance on which port, and how much. Two caveats a practitioner should know: the logs are sampled (the default sampling rate is 50% of packets) and aggregated over an interval (5 seconds by default), so byte and packet counts are estimates and very short flows can be missed; and they describe flows, not packet payloads. Enabling VPC Flow Logs on the migrated subnets gives the Security team continued visibility into traffic to and from the Compute Engine instances.

  2. Firewall logs: VPC firewall rules control access to and from Compute Engine instances, and Firewall Rules Logging, enabled per rule, records each connection that a logged rule allowed or denied. Each entry includes the 5-tuple, the disposition (ALLOWED or DENIED), the rule reference, its priority and direction, and the affected instance. Because only rules with logging enabled produce entries, and the implied allow-egress and deny-ingress rules cannot be logged, a team that wants to see blocked inbound traffic needs an explicit, low-priority deny rule with logging turned on. Firewall logs serve auditing and compliance as well as investigations into scanning and policy violations, so enabling them lets the Security team continue to monitor access to and from the Compute Engine instances after the migration.

Therefore, the correct answers are A. VPC flow logs and B. Firewall logs.

Cloud Audit Logs record who did what in your GCP environment (Admin Activity, Data Access, System Event and Policy Denied logs, covering administrator actions, data access and policy changes), not what traffic crosses the network. Stackdriver Trace (now Cloud Trace) is a distributed tracing system that collects latency data from your applications so you can pinpoint performance issues. Compute Engine instance system logs (serial console output and guest OS logs collected by the Ops Agent) record system-level activity on the instance, such as startup and shutdown events and system errors. While these products are useful in their own right, none of them is designed to show the Security team the traffic to and from Compute Engine instances.
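As an added example (not code from the original page, from Google or from the exam), the script below shows what the Security team can do with the two log types once they are exported from Cloud Logging: it parses VPC Flow Logs and Firewall Rules Logging entries and runs three checks, inbound flows on ports the application should not be serving, bulk egress from a VM to a non-RFC 1918 destination, and external sources repeatedly denied by a logged ingress rule. The sample entries are constructed by hand to follow the documented `jsonPayload` layout of the two logs; the project, VM, network and rule names, the expected-port set and the byte threshold are assumptions for the demo.

```python
"""Triage VPC Flow Logs and Firewall Rules Logging entries exported from Cloud Logging.

Added example for this page, not code from Google or from the original post.
The sample entries below are constructed to follow the documented jsonPayload
layout of the two log types; project, VM, network and rule names, the
expected-port set and the thresholds are assumptions for the demo.
"""
import ipaddress
import json
from collections import Counter, defaultdict

# Assumption: the migrated frontend only serves HTTPS.
EXPECTED_INGRESS_PORTS = {443}
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
# Explicit RFC 1918 ranges: ipaddress's is_private also treats the documentation
# ranges (192.0.2.0/24 etc.) as private, which would hide the sample egress below.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _flow(src, sport, dst, dport, proto, reporter, nbytes, npkts):
    """Constructed VPC Flow Logs entry (logName ends in vpc_flows; counts are strings)."""
    return json.dumps({
        "logName": "projects/demo-proj/logs/compute.googleapis.com%2Fvpc_flows",
        "resource": {"type": "gce_subnetwork"},
        "jsonPayload": {
            "connection": {"src_ip": src, "src_port": sport, "dest_ip": dst,
                           "dest_port": dport, "protocol": proto},
            "reporter": reporter, "bytes_sent": str(nbytes), "packets_sent": str(npkts),
        },
    })


def _fw(src, sport, dst, dport, proto, disposition, rule, action, direction):
    """Constructed Firewall Rules Logging entry (logName ends in firewall)."""
    return json.dumps({
        "logName": "projects/demo-proj/logs/compute.googleapis.com%2Ffirewall",
        "resource": {"type": "gce_subnetwork"},
        "jsonPayload": {
            "connection": {"src_ip": src, "src_port": sport, "dest_ip": dst,
                           "dest_port": dport, "protocol": proto},
            "disposition": disposition,
            "rule_details": {"reference": f"network:prod-vpc/firewall:{rule}",
                             "priority": 1000, "action": action, "direction": direction},
            "instance": {"project_id": "demo-proj", "vm_name": "app-web-1", "zone": "us-central1-a"},
        },
    })


# Constructed sample export, one JSON entry per line.
SAMPLE_LOG_LINES = [
    _flow("203.0.113.7", 51234, "10.10.0.5", 443, 6, "DEST", 48210, 61),          # normal HTTPS client
    _flow("10.10.1.4", 40212, "10.10.0.5", 22, 6, "DEST", 1200, 12),              # SSH from another subnet
    _flow("10.10.0.5", 38422, "10.20.0.9", 5432, 6, "SRC", 9000, 40),             # app -> internal DB
    _flow("10.10.0.5", 55000, "192.0.2.44", 4444, 6, "SRC", 7_500_000, 5200),     # bulk egress to the Internet
    _fw("198.51.100.22", 50001, "10.10.0.5", 22, 6, "DENIED", "deny-all-ingress-logged", "DENY", "INGRESS"),
    _fw("198.51.100.22", 50002, "10.10.0.5", 3389, 6, "DENIED", "deny-all-ingress-logged", "DENY", "INGRESS"),
    _fw("198.51.100.22", 50003, "10.10.0.5", 23, 6, "DENIED", "deny-all-ingress-logged", "DENY", "INGRESS"),
    _fw("203.0.113.7", 51234, "10.10.0.5", 443, 6, "ALLOWED", "allow-https", "ALLOW", "INGRESS"),
]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_entries(lines):
    """Return (kind, jsonPayload) pairs, classifying each entry by its logName suffix."""
    entries = []
    for line in lines:
        rec = json.loads(line)
        name = rec.get("logName", "")
        kind = "flow" if name.endswith("vpc_flows") else "firewall" if name.endswith("firewall") else None
        if kind:
            entries.append((kind, rec["jsonPayload"]))
    return entries


def unexpected_ingress(entries, expected_ports=EXPECTED_INGRESS_PORTS):
    """Flows received by a VM (reporter DEST) on a port outside the expected set."""
    hits = []
    for kind, p in entries:
        if kind == "flow" and p.get("reporter") == "DEST":
            c = p["connection"]
            if c["dest_port"] not in expected_ports:
                hits.append((c["src_ip"], c["dest_ip"], c["dest_port"], PROTO.get(c["protocol"], str(c["protocol"]))))
    return hits


def large_external_egress(entries, threshold_bytes=5_000_000):
    """Flows sent by a VM (reporter SRC) to a non-RFC 1918 address above a byte threshold.
    Counts come from sampled, interval-aggregated records, so treat them as lower bounds."""
    hits = []
    for kind, p in entries:
        if kind == "flow" and p.get("reporter") == "SRC":
            c = p["connection"]
            sent = int(p.get("bytes_sent", 0))
            if not is_rfc1918(c["dest_ip"]) and sent >= threshold_bytes:
                hits.append((c["src_ip"], c["dest_ip"], c["dest_port"], sent))
    return hits


def denied_ingress_by_source(entries, min_hits=2):
    """Sources denied by a logged INGRESS rule at least min_hits times, with the ports they probed."""
    counts, ports = Counter(), defaultdict(set)
    for kind, p in entries:
        if kind == "firewall" and p.get("disposition") == "DENIED" \
                and p.get("rule_details", {}).get("direction") == "INGRESS":
            c = p["connection"]
            counts[c["src_ip"]] += 1
            ports[c["src_ip"]].add(c["dest_port"])
    return {ip: (n, sorted(ports[ip])) for ip, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG_LINES)
    print("unexpected ingress:", unexpected_ingress(entries))
    print("large external egress:", large_external_egress(entries))
    print("denied ingress by source:", denied_ingress_by_source(entries))
```

Neither log exists until it is switched on: flow logs per subnet with `gcloud compute networks subnets update SUBNET --enable-flow-logs` and firewall logging per rule with `gcloud compute firewall-rules update RULE --enable-logging`. The denied-ingress check only sees anything because the sample assumes an explicit, logged `deny-all-ingress-logged` rule; the implied deny-ingress rule produces no log entries.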