Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Google Exam Professional-Cloud-Network-Engineer Topic 3 Question 94 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 94
Topic #: 3
[All Professional Cloud Network Engineer Questions]

Your team is developing an application that will be used by consumers all over the world. Currently, the application sits behind a global external application load balancer You need to protect the application from potential application-level attacks. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

The correct answer is C because it meets the requirement of protecting the application from potential application-level attacks.Google Cloud Armor security policies are sets of rules that match on attributes from Layer 3 to Layer 7 to protect externally facing applications1.Web application firewall (WAF) rules are predefined rules that detect and mitigate common web attacks such as cross-site scripting (XSS), SQL injection, remote file inclusion, and more2. By applying a Google Cloud Armor security policy with WAF rules to the backend service, you can filter out malicious requests before they reach your application.

Option A is incorrect because Cloud CDN is a content delivery network that caches static content at the edge of Google's network, but it does not provide any protection against application-level attacks3.Option B is incorrect because firewall rules are applied at the VPC network level, not at the load balancer level4.Firewall rules also only match on Layer 3 and 4 attributes, not on Layer 7 attributes that are relevant for application-level attacks4. Option D is incorrect because VPC Service Controls perimeter is a feature that helps you secure your data from unauthorized access by users outside your organization, but it does not protect your application from external attacks.


Security policy overview | Google Cloud Armor

Web application firewall (WAF) rules | Google Cloud Armor

Cloud CDN overview | Google Cloud

Using firewall rules | VPC

[VPC Service Controls overview | Google Cloud]

by Dominque at Sep 15, 2024, 01:22 AM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Network-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Noble
14 days ago
I'm not sure, option B also sounds like a good way to block malicious users.
upvoted 0 times
...
Shaniqua
16 days ago
I agree with Renay, option C seems like the best choice to protect the application.
upvoted 0 times
...
Renay
23 days ago
I think we should go with option C.
upvoted 0 times
...
Penney
24 days ago
I'm feeling a bit hungry just thinking about all these options. Maybe we should order some pizza and hash this out over a slice or two?
upvoted 0 times
Reta
8 days ago
I agree, that seems like the best way to protect the application from potential attacks.
upvoted 0 times
...
Jimmie
11 days ago
I think we should go with option C) Create a Google Cloud Armor security policy with web application firewall rules.
upvoted 0 times
...
Caprice
13 days ago
That sounds like a great idea! I could go for some pizza right now.
upvoted 0 times
...
...
Louvenia
26 days ago
Hold up, Option D with the VPC Service Controls sounds interesting too. Gotta keep those backend services locked down, you know?
upvoted 0 times
...
Fairy
27 days ago
Option C looks like the way to go. A web application firewall can really help protect against those pesky application-level attacks.
upvoted 0 times
Gracia
16 days ago
Definitely, a web application firewall can provide an extra layer of security for our global application.
upvoted 0 times
...
Cherelle
17 days ago
I agree, option C seems like the best choice to protect the application from application-level attacks.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77