Google Cloud Professional Cloud Network Engineer — Question 119

You recently configured Google Cloud Armor security policies to manage traffic to your application. You discover that Google Cloud Armor is incorrectly blocking some traffic to your application. You need to identity the web application firewall (WAF) rule that is incorrectly blocking traffic. What should you do?

Answer options

• A. Enable firewall logs, and view the logs in Firewall Insights.
• B. Enable HTTP(S) Load Balancing logging with sampling rate equal to 1, and view the logs in Cloud Logging.
• C. Enable VPC Flow Logs, and view the logs in Cloud Logging.
• D. Enable Google Cloud Armor audit logs, and view the logs on the Activity page in the Google Cloud Console.

Correct answer: B

Explanation

The correct answer is B because enabling HTTP(S) Load Balancing logging with a sampling rate of 1 provides detailed insights into the traffic and the specific requests being blocked by the WAF rules. Option A focuses on firewall logs which may not provide detailed insights into HTTP traffic. Option C deals with network-level traffic rather than application-level issues, and Option D offers audit logs that are less suited for troubleshooting specific traffic blocking.