
Answer-first summary for fast verification
Answer: VPC Firewall Rules
The question specifies an internal web application requiring CIDR-based access control and SYN flood DDoS protection. VPC Firewall Rules (B) are optimal because they natively support CIDR-based filtering for internal traffic and GCP's infrastructure provides built-in SYN flood protection at the network layer without requiring additional services. Cloud Armor (A) is primarily designed for external-facing applications with load balancers and offers advanced DDoS protection beyond SYN floods, which is unnecessary here. Cloud IAM (C) manages identity-based access, not network-level CIDR restrictions. Cloud CDN (D) focuses on content delivery and caching, not access control or DDoS mitigation. Community discussion highlights that VPC Firewall Rules are cost-effective and sufficient for internal applications, with several comments noting Cloud Armor's limitations for internal use without load balancers.
Author: LeetQuiz Editorial Team
A customer is deploying a 3-tier internal web application on Google Cloud Platform (GCP). Their internal compliance mandates that end-user access is permitted only for traffic originating from a specific, approved CIDR block. The customer is willing to accept the risk of having only SYN flood DDoS protection and intends to use GCP's native capability for this.
Which GCP product should be used to fulfill these requirements?
A. Cloud Armor
B. VPC Firewall Rules
C. Cloud Identity and Access Management
D. Cloud CDN