Medium · 1 mark · Multiple Choice
Subtask 5.2: Ensure solution and operations reliability · Security · Cloud Armor · DDoS · Load Balancing

GCP PCA · Question 36 · Ensure solution and operations reliability

Your company hosts a public-facing web application on GKE behind a Global External HTTP(S) Load Balancer. You notice a sudden spike in traffic originating from a specific country, which is causing performance degradation. The traffic appears to be a Layer 7 DDoS attack. How can you quickly mitigate this?

Answer options:

A. Update the VPC Firewall rules to block the IP ranges of the specific country.

B. Create a Cloud Armor security policy to deny traffic from the specific country and attach it to the Load Balancer's backend service.

C. Configure Identity-Aware Proxy (IAP) to require user authentication.

D. Scale up the GKE cluster to absorb the attack.

How to approach this question

Identify the GCP service designed for edge security, WAF, and DDoS protection.

Full Answer

B. Create a Cloud Armor security policy to deny traffic from the specific country and attach it to the Load Balancer's backend service. ✓ Correct
Google Cloud Armor provides DDoS protection and WAF capabilities. It is attached to the backend services of a Global External HTTP(S) Load Balancer. You can easily create a rule in Cloud Armor to block traffic based on geographic location (geo-blocking), which drops the malicious requests at the edge of Google's network, protecting your GKE resources and saving costs.

Common mistakes

Trying to use VPC Firewall rules, which are Layer 4 and sit behind the load balancer, making them ineffective for edge DDoS mitigation.
