GCP Professional Cloud Architect Practice Question

Your company exposes over 150 RESTful services through Apigee X. The security team must (1) block traffic arriving from several known malicious /24 CIDR ranges and (2) detect and stop SQL-injection attempts in request payloads. The operations team insists on a solution that introduces the least per-request latency and avoids forcing every proxy developer to modify individual API flows. Which design should you recommend?

  • Apply a Google Cloud Armor security policy with an IP denylist rule and the built-in sqli-* WAF rule to the external HTTP(S) load balancer in front of Apigee X.

  • Attach an AccessControl and JSON/XML ThreatProtection policy to every Apigee proxy so that each flow blocks the unwanted CIDRs and validates payloads.

  • Insert Cloud NAT in front of the Apigee runtime and configure it to drop packets from the malicious CIDR ranges while allowing other traffic through.

  • Create a shared flow containing custom JavaScript that checks source IPs and scans payloads for SQL keywords, then attach the flow as a pre-flow to all environments.

GCP Professional Cloud Architect
Managing implementation