Answer-first summary for fast verification
Answer: Create a Cloud Armor security policy, and associate the policy with the load balancer. Configure the security policy's settings as follows: action: throttle; conform action: allow; exceed action: deny-429.
The correct approach is to use Cloud Armor, Google's native solution, to enforce rate limiting. Option A correctly configures a Cloud Armor security policy with a throttle action, allowing requests under the threshold (conform action: allow) and returning HTTP 429 (exceed action: deny-429) when the limit is exceeded. This aligns with Google-recommended practices. Option B incorrectly implies the load balancer can natively limit per-client requests, which is not true. Option C refers to OWASP rules, which target web application attacks, not rate limiting. Option D uses a manual VM-based approach, which is not scalable or recommended compared to managed services like Cloud Armor.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your application uses an external global Application Load Balancer, and backend servers are experiencing overload due to irregular spikes in client request rates. To adhere to Google-recommended practices, how should you limit concurrent sessions and return HTTP 429 (Too Many Requests) responses to clients?
A
Create a Cloud Armor security policy, and associate the policy with the load balancer. Configure the security policy's settings as follows: action: throttle; conform action: allow; exceed action: deny-429.
B
Configure the load balancer to accept only the defined amount of requests per client IP address, increase the backend servers to support more traffic, and redirect traffic to a different backend to burst traffic.
C
Create a Cloud Armor security policy, and apply the predefined Open Worldwide Security Application Project (OWASP) rules to automatically implement the rate limit per client IP address.
D
Configure a VM with Linux, implement the rate limit through iptables, and use a firewall rule to send an HTTP 429 response to the client application.
No comments yet.