Google Cloud Professional Cloud Network Engineer — Question 89
You are designing a new global application using Compute Engine instances that will be exposed by a global HTTP(S) load balancer. You need to secure your application from distributed denial-of-service and application layer (layer 7) attacks. What should you do?
Answer options
- A. Configure VPC Service Controls and create a secure perimeter. Define fine-grained perimeter controls and enforce that security posture across your Google Cloud services and projects.
- B. Configure a Google Cloud Armor security policy in your project, and attach it to the backend service to secure the application.
- C. Configure VPC firewall rules to protect the Compute Engine instances against distributed denial-of-service attacks.
- D. Configure hierarchical firewall rules for the global HTTP(S) load balancer public IP address at the organization level.
Correct answer: B
Explanation
The correct answer is B because a Google Cloud Armor security policy, when attached to the backend service, provides specialized protection against DDoS and application layer (layer 7) attacks. Options A, C, and D do not address layer 7 attack protection as effectively as Google Cloud Armor does.