* Create service accounts sa-app and sa-db.• Associate service account: sa-app with the application servers and the service account sa-db with the database servers.• Create an ingress firewall rule to allow network traffic from source service account sa-app to target service account sa-db.

• Create network tags app-server and db-server.• Add the app-server lag lo the application servers and the db-server lag to the database servers.• Create an egress firewall rule to allow network traffic from source network tag app-server to target network tag db-server.

* Create a service account sa-app and a network tag db-server.* Associate the service account sa-app with the application servers and the network tag db-server withthe database servers.• Create an ingress firewall rule to allow network traffic from source VPC IP addresses and target the subnet-a IP addresses.

• Create a network lag app-server and service account sa-db.• Add the tag to the application servers and associate the service account with the database servers.• Create an egress firewall rule to allow network traffic from source network tag app-server to target service account sa-db.