Answer-first summary for fast verification
Answer: Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.
Google Cloud Armor is specifically designed to protect applications from distributed denial-of-service (DDoS) and application layer (Layer 7) attacks. By configuring a Google Cloud Armor security policy and attaching it to the backend service of the global HTTP(S) load balancer, you can define rules to filter malicious traffic, block specific IP ranges, and leverage pre-configured rules for common attacks. VPC Service Controls (A) focus on data exfiltration prevention, not attack mitigation. VPC firewall rules (C) and hierarchical firewall rules (D) operate at lower network layers (e.g., IP/ports) and are insufficient for Layer 7 attack protection. Google's infrastructure already provides baseline DDoS protection, but Cloud Armor adds advanced security for application-specific threats.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you protect a global application running on Compute Engine instances behind a global HTTP(S) load balancer from distributed denial-of-service (DDoS) and layer 7 (application layer) attacks?
A
Configure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.
B
Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.
C
Configure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.
D
Configure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.
No comments yet.