PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #372: Real Exam Question with Answer & Explanation
The correct answer is D: Configure a Cloud Armor security policy with customized and pre-configured WAF rules for
Question
Your company hosts a critical web application on Google Cloud. The application is experiencing an increasing number of sophisticated layer 7 attacks, including cross-site scripting (XSS) and SQL injection attempts. You need to protect the application from these attacks while minimizing the impact on legitimate traffic and ensuring high availability. What should you do?
Options
- A. Implement a load balancer in front of the web application instances, and enable Adaptive
- B. Configure Cloud Next Generation Firewall to block known malicious IP addresses targeting /32
- C. Enable Google Cloud Armor's pre-configured WAF rules for OWASP Top 10 vulnerabilities at the
- D. Configure a Cloud Armor security policy with customized and pre-configured WAF rules for
Explanation
The best solution is to configure a Cloud Armor security policy that includes both pre-configured and custom WAF rules for OWASP Top 10 vulnerabilities at the load balancer. This setup provides layer 7 protection against attacks like XSS and SQL injection, minimizes false positives by allowing fine-tuned rule customization, and ensures high availability through integration with Google Cloud’s global load balancing.