- Home
- Google Cloud Certified - Professional Cloud Network Engineer
- Google.Professional-Cloud-Network-Engineer.v2024-02-10.q71
- Question 3
Valid Professional-Cloud-Network-Engineer Dumps shared by ExamDiscuss.com for Helping Passing Professional-Cloud-Network-Engineer Exam! ExamDiscuss.com now offer the newest Professional-Cloud-Network-Engineer exam dumps, the ExamDiscuss.com Professional-Cloud-Network-Engineer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Professional-Cloud-Network-Engineer dumps with Test Engine here:
Access Professional-Cloud-Network-Engineer Dumps Premium Version
(236 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 3/71
Your team is developing an application that will be used by consumers all over the world. Currently, the application sits behind a global external application load balancer You need to protect the application from potential application-level attacks. What should you do?
Correct Answer: C
The correct answer is C because it meets the requirement of protecting the application from potential application-level attacks. Google Cloud Armor security policies are sets of rules that match on attributes from Layer 3 to Layer 7 to protect externally facing applications1. Web application firewall (WAF) rules are predefined rules that detect and mitigate common web attacks such as cross-site scripting (XSS), SQL injection, remote file inclusion, and more2. By applying a Google Cloud Armor security policy with WAF rules to the backend service, you can filter out malicious requests before they reach your application.
Option A is incorrect because Cloud CDN is a content delivery network that caches static content at the edge of Google's network, but it does not provide any protection against application-level attacks3. Option B is incorrect because firewall rules are applied at the VPC network level, not at the load balancer level4. Firewall rules also only match on Layer 3 and 4 attributes, not on Layer 7 attributes that are relevant for application-level attacks4. Option D is incorrect because VPC Service Controls perimeter is a feature that helps you secure your data from unauthorized access by users outside your organization, but it does not protect your application from external attacks.
Reference:
Security policy overview | Google Cloud Armor
Web application firewall (WAF) rules | Google Cloud Armor
Cloud CDN overview | Google Cloud
Using firewall rules | VPC
[VPC Service Controls overview | Google Cloud]
Option A is incorrect because Cloud CDN is a content delivery network that caches static content at the edge of Google's network, but it does not provide any protection against application-level attacks3. Option B is incorrect because firewall rules are applied at the VPC network level, not at the load balancer level4. Firewall rules also only match on Layer 3 and 4 attributes, not on Layer 7 attributes that are relevant for application-level attacks4. Option D is incorrect because VPC Service Controls perimeter is a feature that helps you secure your data from unauthorized access by users outside your organization, but it does not protect your application from external attacks.
Reference:
Security policy overview | Google Cloud Armor
Web application firewall (WAF) rules | Google Cloud Armor
Cloud CDN overview | Google Cloud
Using firewall rules | VPC
[VPC Service Controls overview | Google Cloud]
- Question List (71q)
- Question 1: You want to create a service in GCP using IPv6. What should ...
- Question 2: You have deployed an HTTP(s) load balancer, but health check...
- Question 3: Your team is developing an application that will be used by ...
- Question 4: You want Cloud CDN to serve the https://www.example.com/imag...
- Question 5: Your organization has a single project that contains multipl...
- Question 6: You converted an auto mode VPC network to custom mode. Since...
- Question 7: In order to provide subnet level isolation, you want to forc...
- Question 8: Your organization is deploying a single project for 3 separa...
- Question 9: One instance in your VPC is configured to run with a private...
- Question 10: You are configuring load balancing for a standard three-tier...
- Question 11: After a network change window one of your company's applicat...
- Question 12: You configured Cloud VPN with dynamic routing via Border Gat...
- Question 13: You need to define an address plan for a future new Google K...
- Question 14: Your end users are located in close proximity to us-east1 an...
- Question 15: You are designing a new global application using Compute Eng...
- Question 16: You are planning a large application deployment in Google Cl...
- Question 17: Your organization has Compute Engine instances in us-east1, ...
- Question 18: You have created a firewall with rules that only allow traff...
- Question 19: You are responsible for enabling Private Google Access for t...
- Question 20: You are using a third-party next-generation firewall to insp...
- Question 21: You recently deployed your application in Google Cloud. You ...
- Question 22: Your company has a single Virtual Private Cloud (VPC) networ...
- Question 23: Your organization has a new security policy that requires yo...
- Question 24: You need to restrict access to your Google Cloud load-balanc...
- Question 25: You have configured Cloud CDN using HTTP(S) load balancing a...
- Question 26: You are designing the network architecture for your organiza...
- Question 27: You have the networking configuration shown In the diagram T...
- Question 28: Your organization uses a hub-and-spoke architecture with cri...
- Question 29: You need to configure the Border Gateway Protocol (BGP) sess...
- Question 30: You are using a 10-Gbps direct peering connection to Google ...
- Question 31: In your project my-project, you have two subnets in a Virtua...
- Question 32: You work for a university that is migrating to GCP. These ar...
- Question 33: You converted an auto mode VPC network to custom mode. Since...
- Question 34: You have recently been put in charge of managing identity an...
- Question 35: You are designing an IP address scheme for new private Googl...
- Question 36: You create a Google Kubernetes Engine private cluster and wa...
- Question 37: You need to establish network connectivity between three Vir...
- Question 38: Your on-premises data center has 2 routers connected to your...
- Question 39: You successfully provisioned a single Dedicated Interconnect...
- Question 40: Your company offers a popular gaming service. Your instances...
- Question 41: You created a new VPC for your development team. You want to...
- Question 42: You have applications running in the us-west1 and us-east1 r...
- Question 43: You are designing a hub-and-spoke network architecture for y...
- Question 44: You need to configure a Google Kubernetes Engine (GKE) clust...
- Question 45: You have created an HTTP(S) load balanced service. You need ...
- Question 46: Your company just completed the acquisition of Altostrat (a ...
- Question 47: Your organization uses a Shared VPC architecture with a host...
- Question 48: Your organization's security policy requires that all intern...
- Question 49: You have the following firewall ruleset applied to all insta...
- Question 50: You have a web application that is currently hosted in the u...
- Question 51: You are in the early stages of planning a migration to GCP. ...
- Question 52: You want to implement an IPSec tunnel between your on-premis...
- Question 53: Your company has a single Virtual Private Cloud (VPC) networ...
- Question 54: You have the following routing design. You discover that Com...
- Question 55: You recently configured Google Cloud Armor security policies...
- Question 56: You have deployed a proof-of-concept application by manually...
- Question 57: You are trying to update firewall rules in a shared VPC for ...
- Question 58: You have a storage bucket that contains the following object...
- Question 59: You are adding steps to a working automation that uses a ser...
- Question 60: You created a new VPC for your development team. You want to...
- Question 61: You need to create the network infrastructure to deploy a hi...
- Question 62: You want to use Partner Interconnect to connect your on-prem...
- Question 63: You want to apply a new Cloud Armor policy to an application...
- Question 64: Your company has separate Virtual Private Cloud (VPC) networ...
- Question 65: You have provisioned a Partner Interconnect connection to ex...
- Question 66: You want to configure a NAT to perform address translation b...
- Question 67: Your organization is implementing a new security policy to c...
- Question 68: You are deploying an application that runs on Compute Engine...
- Question 69: You have configured a service on Google Cloud that connects ...
- Question 70: You are maintaining a Shared VPC in a host project. Several ...
- Question 71: You create multiple Compute Engine virtual machine instances...
[×]
Download PDF File
Enter your email address to download Google.Professional-Cloud-Network-Engineer.v2024-02-10.q71.pdf