Practice Test 3 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test

Question 38

A growing firm has opted to use Cloud CDN with its HTTP(S) load balancer to protect its applications from DDoS attacks. You have been requested to create the Cloud Armor security policies.

Which of the following can not be policies be based on?

A. Allow or deny traffic based on IP addresses or ranges
B. Allow or deny traffic based on rules expressions
C. Allow or deny traffic based on country
D. Allow or deny traffic based on traffic type

Answer

Answer: D

The policy can be created on the basis of

Expression matches against requests from the IP address 1.2.3.4 and contains the string Godzilla in the user-agent header:
Expression matches against requests that have a cookie with a specific value
Expression matches against requests from the region AU, US, etc.
Expression matches against requests from the region AU that are not in the specified IP range
Expression matches against requests if the URI matches a regular expression
Expression matches against requests if the Base64 decoded value of the user-id the header contains a specific value
The expression uses a preconfigured expression set to match against SQLi attacks

Options A, B, and C are incorrect because the question is asking which one we can not create policy.

Reference

https://cloud.google.com/armor/docs/configure-security-policies#creating-policy-rules

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50

PCNE

Practice Test 3 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test

Question 38

Answer

Ads Blocker Detected!!!