Google Cloud Professional Cloud Network Engineer — Question 37

You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy.
Which GKE resource should you use?

Answer options

• A. GKE Node
• B. GKE Pod
• C. GKE Cluster
• D. GKE Ingress

Correct answer: D

Explanation

The correct answer is D, GKE Ingress, because Cloud Armor policies are applied at the HTTP(S) load balancer level, which is implemented through Ingress resources in GKE. The other options, such as GKE Node, GKE Pod, and GKE Cluster, do not serve as entry points for traffic where Cloud Armor can be applied.