Google Cloud fans - Score some Swag with your firewall rule knowledge.
Question:
In Google Cloud, firewall rules are specific to a single VPC (virtual private cloud) network. In a VPC, you create an ingress firewall rule that allows any VM instance associated with a particular service account to accept TCP traffic on port 80 that originates from a specific source subnet. Which of the following statements are true?
(hint: two of these answers are correct)
Answers:
a) Users can use target tags to specify additional VM instances to which this rule applies.
b) Target tags cannot be used with a service account to specify additional VM instances.
c) It is not possible to grant firewall permissions using a specific service account.
d) It is not possible to limit access to both a service account and a specific source subnet.
e) This rule will apply to all instances that use the service account in a specific GCP project.
f) This rule will apply to all instances that use the service account in a specific VPC network in a project.
If you made it this far, you already know the question, so post your answers on the ACG site. Here's the link to the Guru of the Month question for September. Click the link, answer the question, and get in the game. The Guru of the Month gets T-shirts and stickers, along with a hand-signed card (note: not sure who signs the card). So get some cool A Cloud Guru swag for your time. If nothing else, pop in, say hello and comment on the question.
This should help if you're stuck: service-accounts-vs-tags.
See you soon. Until then, K. B. A. - Keep Being Awesome.