
Answer-first summary for fast verification
Answer: Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
The correct approach is to use a Cloud Armor security policy. Because the instances sit behind a global load balancer, traffic reaches the backends through the load balancer. Cloud Armor integrates with the load balancer to filter incoming traffic based on IP addresses. A security policy that allows only the traffic-scrubbing service's IPs blocks all other traffic at the edge. VPC Firewall rules (B) and IPTables (D) would not work, as they would see the load balancer's IP, not the original client IP. VPC Service Controls (C) are for service perimeters, not IP-based filtering.
Author: LeetQuiz Editorial Team
To ensure only your traffic-scrubbing service can access your gaming service instances with private IP addresses behind a global load balancer, what configuration steps should you take?
A. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
B. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
C. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
D. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.