Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your company hosts a public-facing application behind a global external HTTP(S) Load Balancer on Google Cloud. Security policy now mandates that any request coming from IP addresses that Google has flagged as participating in botnet, malware, or command-and-control activity must be blocked automatically, without your team having to curate IP deny lists. What is the most operationally efficient way to meet this requirement?

  • Turn on Cloud Armor Adaptive Protection for the backend service so that requests from malicious IP addresses are detected and blocked automatically.

  • Create a rate-limiting rule in Cloud Armor that throttles any source IP exceeding 100 requests per second, preventing attacks from malicious hosts.

  • Enable the Google-managed OWASP Top 10 preconfigured WAF rule group in the security policy; these rules automatically drop traffic from Google-identified malicious IP addresses.

  • Add a high-priority Cloud Armor security-policy rule whose CEL expression checks whether the client IP appears in threat_intelligence('iplist-known-malicious-ips') and sets the action to deny (for example, return 403).

GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot