Practice Test 1 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
An organization is launching a new external-facing application. The application will be delivered via a load-balanced set of instances in a Google Cloud VPC. There is a requirement to be able to reject traffic from certain IP addresses or CIDR range at the edge without interrupting the access of valid users.
As the Network engineer, how can you implement this?
A. Create a firewall rule to allow traffic from valid users CIDR Blocks and apply to the load balancer
B. Create a Google Cloud Armor security policy and attach to the load balancer. Add a deny rule that will block traffic from selected IP addresses when a malicious user is identified
C. Create a Google Cloud Armor security policy and attach to the instances. Add a deny rule that will block traffic from selected IP addresses when a malicious user is identified
D. Create a firewall rule to deny traffic from suspicious users CIDR Blocks and apply to the load balancer
Correct Answer: B
- Option A is incorrect firewall rules are applied at the VPC level, closer to the instances.
- Option B is correct Google Cloud Armor security policy is attached to the load balancer. A deny rule will only disallow traffic from CIDR block or IP addresses in the denylist.
- Option C is incorrect. Google Cloud Armor security policy is attached to the load balancer.
- Option D is incorrect. firewall rules are applied at the VPC level, closer to the instances
Reference:
Comments are closed, but trackbacks and pingbacks are open.