Ensure solution and operations reliability — GCP PCA Practice Question 36

How to approach this question

Identify the GCP service designed for edge security, WAF, and DDoS protection.

Full Answer

B.Create a Cloud Armor security policy to deny traffic from the specific country and attach it to the Load Balancer's backend service.✓ Correct

Create a Cloud Armor security policy to deny traffic from the specific country and attach it to the Load Balancer's backend service.

Google Cloud Armor provides DDoS protection and WAF capabilities. It is attached to the backend services of a Global External HTTP(S) Load Balancer. You can easily create a rule in Cloud Armor to block traffic based on geographic location (geo-blocking), which drops the malicious requests at the edge of Google's network, protecting your GKE resources and saving costs.

Common mistakes

Trying to use VPC Firewall rules, which are Layer 4 and sit behind the load balancer, making them ineffective for edge DDoS mitigation.

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 1

More questions from this exam