Google Cloud Professional Cloud Security Engineer — Question 189
Your organization manages a critical web application that serves international customers on Google Cloud. An increase in malicious traffic targeting this application has strained resources and caused periods of downtime. You need to design security measures to increase the application's resilience against web attacks, enhance perimeter protection, and provide access control. What should you do?
Answer options
- A. Employ network load balancing for traffic distribution. Update Identity-Aware Proxy (IAP) policies to allow only administrative access. Implement custom firewall rules on all external IP addresses.
- B. Set up firewall rules on Compute Engine instances within the application's environment. Rely on load balancers for threat detection. Increase instance resources to cope with attack volume.
- C. Configure firewall rules to block traffic from known malicious IP ranges. Set up Google Cloud Armor and implement Identity-Aware Proxy (IAP) for granular access control.
- D. Add firewall rules that restrict all internal IP ranges. Establish Cloud DNS security policies. Disable external IP addresses to reduce the attack surface. Create user groups for access control.
Correct answer: C
Explanation
Option C is correct because it combines three measures: firewall rules that proactively block known malicious IP ranges, Google Cloud Armor for defense against attacks, and Identity-Aware Proxy (IAP) for refined access control. Option A lacks specific measures against malicious traffic. Option B does not adequately address access control and relies too much on increased resources. Option D focuses too much on limiting internal access and does not effectively protect against external threats.