You are migrating a three-tier application from on-premises to Google Cloud. The first step involves creating a new VPC with an external HTTP(S) load balancer to forward traffic to on-premises presentation-tier resources. To prevent malicious traffic from entering your VPC and consuming edge resources, you need to implement a policy that filters IP addresses and mitigates cross-site scripting (XSS) attacks. What should you do?

Exam-Like

Create a Google Cloud Armor policy, and apply it to a backend service that uses an unmanaged instance group backend.

20.0%

Create a hierarchical firewall ruleset, and apply it to the VPC's parent organization resource node.

0.0%

Create a Google Cloud Armor policy, and apply it to a backend service that uses an internet network endpoint group (NEG) backend.

80.0%

Create a VPC firewall ruleset, and apply it to all instances in unmanaged instance groups.

0.0%

Google Professional Cloud Network Engineer