Practice Test 3 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
A growing firm has opted to use Cloud CDN with its HTTP(S) load balancer to protect its applications from DDoS attacks. You have been requested to create the Cloud Armor security policies.
Which of the following can not be policies be based on?
A. Allow or deny traffic based on IP addresses or ranges
B. Allow or deny traffic based on rules expressions
C. Allow or deny traffic based on country
D. Allow or deny traffic based on traffic type
Answer: D
The policy can be created on the basis of
- Expression matches against requests from the IP address
1.2.3.4
and contains the stringGodzilla
in the user-agent header: - Expression matches against requests that have a cookie with a specific value
- Expression matches against requests from the region
AU, US, etc.
- Expression matches against requests from the region
AU
that are not in the specified IP range - Expression matches against requests if the URI matches a regular expression
- Expression matches against requests if the Base64 decoded value of the
user-id
the header contains a specific value - The expression uses a preconfigured expression set to match against SQLi attacks
Options A, B, and C are incorrect because the question is asking which one we can not create policy.
Reference
Comments are closed, but trackbacks and pingbacks are open.