You need to block a known malicious IP range from accessing your website served by a Google Cloud Application Load Balancer. What is the correct method to deny-list these IP addresses?

Exam-Like

Create a Cloud Armor policy with a deny-rule for the known IP address range. Attach the policy to the backend of the Application Load Balancer.

Activate Identity-Aware Proxy for the backend of the Application Load Balancer. Create a firewall rule that only allows traffic from the proxy to the application.

Create a log sink with a filter containing the known IP address range. Trigger an alert that detects when the Application Load Balancer is accessed from those IPs.

Create a Cloud Firewall policy with a deny-rule for the known IP address range. Associate the firewall policy to the Virtual Private Cloud with the application backend.

Google Professional Cloud Security Engineer

Get started today

Comments

You need to block a known malicious IP range from accessing your website served by a Google Cloud Application Load Balancer. What is the correct method to deny-list these IP addresses?