Your web application is deployed behind a Global HTTP(S) Load Balancer. You are experiencing a Layer 7 DDoS attack, specifically a flood of HTTP GET requests from various IP addresses attempting to exploit a SQL injection vulnerability. How should you mitigate this?

Answer options:

Configure VPC Firewall rules to block the attacking IP addresses.

Enable Identity-Aware Proxy (IAP) to authenticate all requests.

Configure Cloud Armor with preconfigured WAF rules for SQLi and rate limiting.

Deploy a third-party firewall appliance on Compute Engine and route all traffic through it.

How to approach this question

Identify the GCP service that provides Layer 7 Web Application Firewall (WAF) protection.

Full Answer

C.Configure Cloud Armor with preconfigured WAF rules for SQLi and rate limiting.✓ Correct

Configure Cloud Armor with preconfigured WAF rules for SQLi and rate limiting.

Google Cloud Armor is GCP's DDoS protection and WAF service. It sits at the edge of Google's network (attached to the Load Balancer) and can inspect incoming requests for common vulnerabilities (OWASP Top 10) like SQLi and XSS, dropping malicious traffic before it reaches your application.

Common mistakes

Choosing VPC Firewall rules (A), which cannot inspect Layer 7 HTTP traffic.

Question 27 All questions Question 29

Practice the full GCP Professional Cloud Architect Practice Exam 6

50 questions · hints · full answers · grading

More questions from this exam

Q01CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...Medium Q02CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...Medium Q03CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...Hard Q04CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...Medium Q05CASE STUDY: TechStream Gaming Overview: Industry: Gaming Size: 500 employees, $100M revenue Env...Easy

View all 50 questions →