Answer-first summary for fast verification
Answer: Use Cloud Armor to blacklist the attacker's IP addresses., Create a global HTTP(s) load balancer and move your application backend to this load balancer.
To quickly restore user access to the application and allow successful transactions while minimizing cost during a DDOS attack, the most effective steps are to use Cloud Armor to blacklist the attacker's IP addresses (A) and to create a global HTTP(s) load balancer and move the application backend to this load balancer (C). Cloud Armor provides protection against DDOS attacks by allowing the blacklisting of malicious IPs, and switching to a global HTTP(s) load balancer enhances the application's ability to handle and mitigate such attacks efficiently. Increasing the maximum autoscaling backend (B) might temporarily handle the traffic but does not address the root cause and could lead to higher costs. Shutting down the entire application (D) is not a viable solution as it affects all users and does not guarantee the attack will stop. Investigating logs (E) is important for understanding the attack but does not provide an immediate solution.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your company recently deployed a critical revenue-generating web application using managed instance groups, autoscaling, and a network load balancer. During a surge in traffic, autoscaling hit its maximum instance limit, causing transaction failures for users. You suspect a DDoS attack and need to quickly restore application access while minimizing costs.
Which two actions should you take? (Select two.)
A
Use Cloud Armor to blacklist the attacker's IP addresses.
B
Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
C
Create a global HTTP(s) load balancer and move your application backend to this load balancer.
D
Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
E
SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.