Google Cloud Professional Cloud Security Engineer — Question 100
Your application is deployed as a highly available, cross-region solution behind a global external HTTP(S) load balancer. You notice significant spikes in traffic from multiple IP addresses, but it is unknown whether the IPs are malicious. You are concerned about your application's availability. You want to limit traffic from these clients over a specified time interval.
What should you do?
Answer options
- A. Configure a throttle action by using Google Cloud Armor to limit the number of requests per client over a specified time interval.
- B. Configure a rate_based_ban action by using Google Cloud Armor and set the ban_duration_sec parameter to the specified time interval.
- C. Configure a firewall rule in your VPC to throttle traffic from the identified IP addresses.
- D. Configure a deny action by using Google Cloud Armor to deny the clients that issued too many requests over the specified time interval.
Correct answer: A
Explanation
The correct answer is A because a throttle action in Google Cloud Armor limits the number of requests from each client over a defined time interval, effectively managing traffic spikes. Option B is similar but bans clients rather than throttling them, which may not be as effective for temporary spikes. Option C uses VPC firewall rules, which do not specifically manage request rates. Option D outright denies clients instead of controlling their request rate, potentially affecting legitimate users.