Practice Test 3 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
An organization is experiencing a lot of traffic from a specific IP block to the HTTPS load balancer, which is causing the backend to scale excessively. As the network engineer, you have been asked to block this traffic at the edge of the network.
What action is most suitable?
A. Create an ingress firewall rule with a higher priority to deny the traffic and apply it to the instances network tag.
B. Create an egress firewall rule with a higher priority to deny the traffic and apply it to the instance network tag.
C. Create a Cloud Armor policy to deny the traffic and apply it to the load balancer
D. Use Cloud NAT to filter incoming traffic.
Answer: C
Option A is incorrect, this does not block the traffic at the edge but at the instance level
Option B is incorrect, this does not block incoming traffic.
Option C is correct, this blocks the malicious traffic at the HTTP(S) load balancer
Option D is incorrect. This does not block traffic.
https://cloud.google.com/armor/docs/configure-security-policies explains how to configure Cloud Armor policy.
Comments are closed, but trackbacks and pingbacks are open.