Answer-first summary for fast verification
Answer: Create a Google Cloud Armor security policy with web application firewall rules, and apply the security policy to the backend service
To protect the application from application-level attacks (e.g., SQL injection, XSS), Google Cloud Armor provides web application firewall (WAF) capabilities. Option C correctly suggests creating a Google Cloud Armor security policy with WAF rules and applying it to the backend service of the global external application load balancer. This ensures traffic is inspected for malicious patterns. - **A (Cloud CDN)** focuses on caching and performance, not security. - **B (Firewall deny rules)** operate at the network layer (IP/ports) and cannot block application-layer attacks. - **D (VPC Service Controls)** restricts data exfiltration but does not protect against application attacks. Thus, only **C** addresses the requirement effectively.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
To safeguard your globally accessible application behind a global external Application Load Balancer from application-level attacks, what steps should you take?
A
Enable Cloud CDN on the backend service.
B
Create multiple firewall deny rules to block malicious users, and apply them to the global external application load balancer.
C
Create a Google Cloud Armor security policy with web application firewall rules, and apply the security policy to the backend service
D
Create a VPC Service Controls perimeter with the global external application load balancer as the protected service, and apply it to the backend service.
No comments yet.