Google Cloud Professional Cloud Network Engineer — Question 61
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.
What should you do?
Answer options
- A. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
- B. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
- C. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
- D. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
Correct answer: A
Explanation
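The correct answer is A because a Cloud Armor Security Policy is enforced at the global load balancer, before traffic reaches the backends, so it can allow the traffic-scrubbing service's source addresses and deny everything else. Option B is incorrect because the global load balancer proxies client connections: a VPC Firewall rule on the backends sees the load balancer's source addresses rather than the original client's, so it cannot tell the scrubbing service from any other client. Option D is incorrect for the same reason, and it would also have to be maintained on every instance. Option C is incorrect because a VPC Service Control Perimeter restricts access to Google Cloud APIs and services, not inbound traffic arriving through a load balancer.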