Answer-first summary for fast verification
Answer: The backend service's load balancing scheme must be EXTERNAL., The load balancer must be an external HTTP(S) load balancer.
The question asks for two prerequisites for using Google Cloud Armor security policies to prevent XSS and SQLi attacks. Based on Google Cloud documentation and community consensus (with DE being the most upvoted answer at 92%), the correct options are D and E. Option D is correct because the backend service's load balancing scheme must be EXTERNAL (or EXTERNAL_MANAGED for specific load balancers). Option E is correct because Google Cloud Armor primarily supports external HTTP(S) load balancers for web application firewall (WAF) functionality, which is necessary to inspect and block layer 7 attacks like XSS and SQLi. Option A is incorrect because external SSL proxy load balancers do not support WAF features needed for XSS/SQLi prevention. Option B is incorrect as Cloud Armor can match on attributes from layers 3 to 7, not just layer 7. Option C is incorrect because Cloud Armor works with both Premium and Standard Network Service Tiers.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are implementing a Google Cloud Armor security policy to protect your web application's backend from common attacks like cross-site scripting (XSS) and SQL injection (SQLi). What are two prerequisites for using Google Cloud Armor security policies? (Choose two.)
A
The load balancer must be an external SSL proxy load balancer.
B
Google Cloud Armor Policy rules can only match on Layer 7 (L7) attributes.
C
The load balancer must use the Premium Network Service Tier.
D
The backend service's load balancing scheme must be EXTERNAL.
E
The load balancer must be an external HTTP(S) load balancer.