Your organization requires that all SMTP traffic to your cloud environment is blocked, except for traffic that originates from your corporate network. Your organization also requires that only specific VPCs across your Google Cloud projects will allow SMTP access from your corporate network. You need to configure a security policy that will enable this connectivity. What should you do?

A. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action.
2. Configure an egress hierarchical firewall rule with priority 10010 specifying the source of your corporate network as TCP port 25 and the goto_next action.
3. Associate the hierarchical firewall policy at the organization level.
4. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access. B. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the allow action.
2. Associate the hierarchical firewall policy at the organization level.
3. Configure firewall policy rules to deny TCP port 25 in the firewall policies associated with the respective VPCs that do not require that access. C. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the source of your corporate network, TCP port 25, and the goto_next action.
2. Configure an ingress hierarchical firewall rule with priority 10010 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action.
3. Associate the hierarchical firewall policy at the organization level.
4. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access. D. 1. Configure an ingress hierarchical firewall rule with priority 10000 specifying the 0.0.0.0/0 source, TCP port 25, and the deny action.
2. Associate the hierarchical firewall policy at the organization level.
3. Configure firewall policy rules allowing TCP port 25 in the firewall policies associated with the respective VPCs that require that access.