Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Configure firewall rules to block traffic from known malicious IP ranges. Set up Google Cloud Armor and implement Identity-Aware Proxy (IAP) for granular access control.

Option C is the correct answer because it comprehensively addresses all three requirements: resilience against web attacks (Google Cloud Armor for DDoS protection and WAF capabilities), perimeter protection (firewall rules blocking malicious IP ranges), and access control (Identity-Aware Proxy for granular access management). Google Cloud Armor provides threat intelligence capabilities that include known malicious IP ranges, making it effective against the described malicious traffic. Option D is incorrect because disabling external IP addresses would make the application inaccessible to international customers, contradicting the business requirement. Option A focuses too heavily on administrative access rather than customer-facing protection. Option B relies on load balancers for threat detection, which is not their primary function, and increasing resources doesn't address the security root cause.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Configure firewall rules to block traffic from known malicious IP ranges. Set up Google Cloud Armor and implement Identity-Aware Proxy (IAP) for granular access control.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your organization operates a critical web application for international customers on Google Cloud. A recent surge in malicious traffic is straining resources and causing downtime. You must design a security solution to improve the application's resilience to web attacks, strengthen perimeter protection, and implement access control. What should you do?

Exam-Like

Employ network load balancing for traffic distribution. Update Identity-Aware Proxy (IAP) policies to allow only administrative access. Implement custom firewall rules on all external IP addresses.

Set up firewall rules on Compute Engine instances within the application's environment. Rely on load balancers for threat detection. Increase instance resources to cope with attack volume.

Configure firewall rules to block traffic from known malicious IP ranges. Set up Google Cloud Armor and implement Identity-Aware Proxy (IAP) for granular access control.

Add firewall rules that restrict all internal IP ranges. Establish Cloud DNS security policies. Disable external IP addresses to reduce the attack surface. Create user groups for access control.