Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test
Your company has deployed a web-facing application on a Compute Engine behind a Load Balancer, and Cloud DNS is configured to forward traffic to the Load balancer. You have been asked to prevent attackers from manipulating responses to DNS requests for the application.
Which of the following will help you meet this requirement?
A. Configure Cloud Armor to reject traffic from certain IPs.
B. Enable and configure DNSSEC.
C. Enable and configure Cloud CDN.
D. Use an SSL load balancer.
Answer: B
- Option A is incorrect. Cloud Armor protects from DDoS attacks and application threats such as XSS.
- Option B is CORRECT. DNSSEC is used to authenticate responses to domain name looks, thereby preventing attackers from poisoning or manipulating responses.
- Option C is incorrect. Cloud CDN is used to cache data closer to the user.
- Option D is incorrect. SSL Load balancer does not prevent attackers from manipulating DNS results.
Reference:
Comments are closed, but trackbacks and pingbacks are open.