PROFESSIONAL-CLOUD-ARCHITECT · Question #309
PROFESSIONAL-CLOUD-ARCHITECT Question #309: Real Exam Question with Answer & Explanation
The correct answer is A: Cloud Armor. Option A is the CORRECT choice because Cloud Armor delivers defense at scale against infrastructure and application Distributed Denial of Service (DDoS) attacks using Google’s global infrastructure and security systems. Option B is INCORRECT because, Cloud-Identity Aware Proxy le
Question
A digital Media company has recently moved its infrastructure from On-premise to Google Cloud, they have several instances under a Global HTTPS load balancer, a few days ago the Application and Infrastructure were subjected to DDOS attacks, they are looking for a service that would provide a defense mechanism against the DDOS attacks. Please select the relevant service.
Options
- ACloud Armor
- BCloud-Identity Aware Proxy
- CGCP Firewalls
- DIAM policies
Explanation
Option A is the CORRECT choice because Cloud Armor delivers defense at scale against infrastructure and application Distributed Denial of Service (DDoS) attacks using Google’s global infrastructure and security systems. Option B is INCORRECT because, Cloud-Identity Aware Proxy lets you establish a central authorization layer for applications accessed by HTTPS, so you can use an application-level access control model instead of relying on network-level firewalls. Option C is INCORRECT because GCP firewalls rules don’t apply for HTTP(S) Load Balancers, while Cloud Armor is delivered at the edge of Google’s network, helping to block attacks close to Option D. IAM policies doesn’t help in mitigating DDOS attacks.
Community Discussion
No community discussion yet for this question.