Practice Test 3 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
Your company wants to integrate Cloud Armor with its external HTTP(S) load balancer to deny traffic from a particular IP address range and allow all traffic from all other ranges. You have been asked to configure a Cloud Armor policy that does this and there is also a need to verify that the policy achieves the purpose before enabling it.
Which of the following configuration will achieve this?
A. Create a policy with a default allow action
Add a deny rule to match the IP to be blocked
Set a priority of 2000
Check Preview mode
Apply policy to the load balancer
B. Create a policy with a default deny action
Add a deny rule to match the IP to be blocked
Set a priority of 2000
Uncheck Preview mode
C. Create a policy with a default allow action
Add a allow rule to match the IP to be blocked
Set a priority of 2000
Check Preview mode
Apply policy to the load balancer
D. Create a policy with a default deny action
Add a allow rule to match the IP to be blocked
Set a priority of 2000
Apply policy to the load balancer
Answer: A
Options A is correct, the policy allows all traffic by default but denies the specified IP block and Preview mode is enabled.
Options B and D are incorrect, the policy denies all traffic by default.
Options C is incorrect because it allows the traffic that needed to be denied.
Reference
Comments are closed, but trackbacks and pingbacks are open.