🔥 40% Off Crucial Exams Memberships — Deal ends today!

12 minutes, 11 seconds remaining!
Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your company operates Compute Engine instances in a regional subnet behind a regional external HTTP(S) load balancer that terminates TLS. Regional Cloud NGFW network firewall policies already enforce Layer-4 rules on the VPC. The security team must detect and block Layer-7 exploits such as Log4Shell in real time, avoid adding proxy VMs or changing the load balancer, and preserve the existing regional policy hierarchy. Which approach satisfies these requirements?

  • Add an IPS threat prevention profile to the existing regional Cloud NGFW firewall policy rule that targets the API backend subnet, enabling automatic block mode for critical and high-severity signatures.

  • Enable Cloud NGFW threat intelligence deny lists on the policy to block known malicious IP addresses attempting to reach the API service.

  • Create a new VM-based proxy cluster running open-source Suricata, route all API traffic through the proxy, and manage Suricata signature updates manually.

  • Replace the regional network firewall policy with a new global policy that contains Layer-4 allow rules and rely on the external HTTP(S) load balancer's built-in WAF capabilities only.

GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot