Answer-first summary for fast verification
Answer: Google Cloud Armor's preconfigured rules in preview mode
The question asks for a service to validate security policy changes before enforcing them for a public web application. Google Cloud Armor's preview mode is specifically designed for this purpose, allowing rules to be tested in a monitoring-only state where actions are logged in Cloud Monitoring without blocking traffic. This aligns with the requirement to validate policy changes against common web attacks before enforcement. The community discussion strongly supports option A with 100% consensus and upvoted explanations citing Google's documentation. Other options are less suitable: B (VPC firewall monitor mode) applies to network-level rules, not web application protection; C (GFE protections) are inherent and not configurable for validation; D (Cloud Load Balancing firewall rules) lack a preview feature; E (VPC Service Controls dry run) focuses on data exfiltration, not web attacks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to test security policy changes for a public Google Cloud web application before enforcing them to protect against common attacks. Which service should you use for this validation?
A
Google Cloud Armor's preconfigured rules in preview mode
B
Prepopulated VPC firewall rules in monitor mode
C
The inherent protections of Google Front End (GFE)
D
Cloud Load Balancing firewall rules
E
VPC Service Controls in dry run mode
No comments yet.