Answer-first summary for fast verification
Answer: Cloud Armor
Cloud Armor is the correct solution because it provides web application firewall (WAF) capabilities and IP-based access control at the edge of Google's network. It can deny traffic from specific malicious IP addresses using security policies with IP deny lists, and it operates in front of the load balancer, preventing direct exposure of the backend application to the internet. The community discussion shows 100% consensus for option A, with high upvotes for comments explaining that Cloud Armor is specifically designed for this purpose using IP rules or Common Expression Language (CEL). Other options are unsuitable: Network Load Balancing (B) operates at layer 4 and doesn't provide IP blocking capabilities; SSL Proxy Load Balancing (C) handles SSL termination but lacks built-in IP blocking; NAT Gateway (D) provides outbound NAT functionality, not inbound traffic filtering.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
An engineering team is deploying a public-facing web application hosted across multiple Google Cloud regions. Traffic is routed to the appropriate regional backend based on the requested URL. The team needs to prevent the application from being directly exposed to the internet and block traffic from a known list of malicious IP addresses.
Which solution should be implemented to meet these requirements?
A
Cloud Armor
B
Network Load Balancing
C
SSL Proxy Load Balancing
D
NAT Gateway