Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test

Question 6

Your company has an application running on Compute Engine behind an HTTP(S) Load balancer. You have been asked to configure Cloud Armor to deny traffic from the IP address 10.0.0.150.

Which of the following does not help meet the requirement?

A. Create a Cloud Armor Security policy.
B. Specify a Priority less than 2,147,483,647.
C. Add a rule to the policy to deny access to the IP Address 10.0.0.150/24.
D. Attach the policy to the backend service of the HTTP(S) Load Balancer.

Answer

Correct Answer: C

Option A is incorrect. This is the first step in creating Cloud Armor policies.
Option B is incorrect. A Priority must be specified. It will be used in the order in which rules are evaluated and applied to traffic.
Option C is CORRECT. This option denies traffic from a CIDR range of addresses, not a single IP address as specified.
Option D is incorrect. It must be attached to a back-end service for a policy to take effect.

Reference:

https://cloud.google.com/armor/docs/configure-security-policies

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

PCSE

Practice Test 2 | Google Cloud Certified Professional Cloud Security Engineer | Dumps | Mock Test

Question 6

Answer

Ads Blocker Detected!!!