GCP Professional Cloud Security Engineer Practice Question
Your public e-commerce site sits behind a global external HTTP(S) load balancer. A recent attack sent millions of HTTP POST requests from thousands of IPs, exhausting back-ends, while logs showed SQL injection and cross-site-scripting probes. You need a Google-managed defense that 1) automatically detects and stops large Layer-7 DDoS floods with no manual tuning, 2) blocks common OWASP Top-10 threats, and 3) requires no change to the current load-balancer architecture. Which Cloud Armor-based action satisfies all requirements?
A. Replace the external HTTP(S) load balancer with an internal HTTP(S) load balancer and use VPC firewall rules to filter malicious requests.
B. Enable Cloud Armor in preview (monitoring-only) mode and manually review logs daily to add new custom rules when attacks occur.
C. Create a Cloud Armor security policy that contains only a deny rule listing the botnet's source IP addresses.
D. Attach a Cloud Armor security policy to the load balancer's backend service, enable Adaptive Protection, and activate Google-managed preconfigured WAF rules in blocking mode.
Explanation: Attach a Cloud Armor security policy to the existing global external HTTP(S) load balancer's backend service. Enable Adaptive Protection so Cloud Armor's machine-learning models automatically detect and mitigate large-scale Layer-7 DDoS floods, and turn on the Google-managed preconfigured WAF rule sets in blocking mode to stop SQL injection, cross-site scripting, and other OWASP Top-10 threats. Using only IP deny lists or monitoring-only mode would not provide automatic, adaptive mitigation or comprehensive OWASP protection, and replacing the external load balancer with an internal one would cut off public access.
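One way to apply the configuration described in the explanation with the gcloud CLI, as an added example that is not part of the original question. The policy and backend-service names are assumed placeholders, and the priority-900 auto-deploy rule goes one step beyond the answer text by letting Cloud Armor apply Adaptive Protection's suggested rules on its own.

```sh
#!/bin/sh
# Added example, not from the original page. POLICY and BACKEND are assumed
# placeholder names; BACKEND must be the backend service that already sits
# behind the global external HTTP(S) load balancer.
set -eu

POLICY="${POLICY:-ecommerce-edge-policy}"
BACKEND="${BACKEND:-web-backend-service}"
GCLOUD="${GCLOUD:-gcloud}"   # set GCLOUD=echo to print the commands instead

# priority:rule-set pairs for the Google-managed preconfigured WAF rules.
WAF_RULES="1000:sqli-v33-stable 1001:xss-v33-stable"

deploy_armor() {
  # 1. Create the policy. Its built-in default rule allows all other traffic.
  "$GCLOUD" compute security-policies create "$POLICY" \
    --description "L7 DDoS + OWASP WAF for public storefront"

  # 2. Turn on Adaptive Protection (ML-based Layer-7 flood detection).
  "$GCLOUD" compute security-policies update "$POLICY" \
    --enable-layer7-ddos-defense

  # 3. Auto-deploy rule: enforce Adaptive Protection's suggested mitigation.
  "$GCLOUD" compute security-policies rules create 900 \
    --security-policy "$POLICY" \
    --expression "evaluateAdaptiveProtectionAutoDeploy()" \
    --action deny-403

  # 4. Preconfigured WAF rules in blocking mode: deny-403, no --preview flag.
  for pair in $WAF_RULES; do
    priority="${pair%%:*}"
    ruleset="${pair#*:}"
    "$GCLOUD" compute security-policies rules create "$priority" \
      --security-policy "$POLICY" \
      --expression "evaluatePreconfiguredWaf('$ruleset')" \
      --action deny-403
  done

  # 5. Attach to the existing backend service; the load balancer is untouched.
  "$GCLOUD" compute backend-services update "$BACKEND" \
    --security-policy "$POLICY" --global
}

# Nothing is changed unless APPLY=1 is set explicitly.
if [ "${APPLY:-0}" = "1" ]; then
  deploy_armor
fi
```

Adding `--preview` to a rule in step 4 would put it in the monitoring-only mode that option B describes, so its absence is what makes the WAF rules block.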
GCP Professional Cloud Security Engineer
Securing communications and establishing boundary protection