Google Cloud Professional Cloud Network Engineer — Question 221

You recently reviewed the user behavior for your main application, which uses an external global Application Load Balancer, and found that the backend servers were overloaded due to erratic spikes in the rate of client requests. You need to limit the concurrent sessions and return an HTTP 429 Too Many Requests response back to the client while following Google-recommended practices. What should you do?

Answer options

• A. Create a Cloud Armor security policy, and associate the policy with the load balancer. Configure the security policy's settings as follows: action: throttle; conform action: allow; exceed action: deny-429.
• B. Configure the load balancer to accept only the defined amount of requests per client IP address, increase the backend servers to support more traffic, and redirect traffic to a different backend to burst traffic.
• C. Create a Cloud Armor security policy, and apply the predefined Open Worldwide Security Application Project (OWASP) rules to automatically implement the rate limit per client IP address.
• D. Configure a VM with Linux, implement the rate limit through iptables, and use a firewall rule to send an HTTP 429 response to the client application.

Correct answer: A

Explanation

Option A is correct because it directly implements a security policy using Cloud Armor to throttle requests and return HTTP 429 responses, which aligns with Google’s best practices. Option B does not provide a mechanism to send a 429 response and focuses on scaling backend servers instead. Option C applies predefined OWASP rules, but it may not specifically address the need for a 429 response. Option D involves manual configuration on a VM, which is not as efficient or scalable as using Cloud Armor.