Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Explanation:

To protect the application from application-level attacks (e.g., SQL injection, XSS), Google Cloud Armor provides web application firewall (WAF) capabilities. Option C correctly suggests creating a Google Cloud Armor security policy with WAF rules and applying it to the backend service of the global external application load balancer. This ensures traffic is inspected for malicious patterns.

A (Cloud CDN) focuses on caching and performance, not security.
B (Firewall deny rules) operate at the network layer (IP/ports) and cannot block application-layer attacks.
D (VPC Service Controls) restricts data exfiltration but does not protect against application attacks. Thus, only C addresses the requirement effectively.

Explanation:

A (Cloud CDN) focuses on caching and performance, not security.
B (Firewall deny rules) operate at the network layer (IP/ports) and cannot block application-layer attacks.
D (VPC Service Controls) restricts data exfiltration but does not protect against application attacks. Thus, only C addresses the requirement effectively.

Comments (0)

No comments yet.

To safeguard your globally accessible application behind a global external Application Load Balancer from application-level attacks, what steps should you take?

Exam-Like

Last updated: January 7, 2026 at 14:02

Enable Cloud CDN on the backend service.

0.0%

Create multiple firewall deny rules to block malicious users, and apply them to the global external application load balancer.

0.0%

Create a Google Cloud Armor security policy with web application firewall rules, and apply the security policy to the backend service

85.7%

Create a VPC Service Controls perimeter with the global external application load balancer as the protected service, and apply it to the backend service.

14.3%