Google Cloud Professional Cloud Security Engineer — Question 213
Your company hosts a critical web application on Google Cloud. The application is experiencing an increasing number of sophisticated layer 7 attacks, including cross-site scripting (XSS) and SQL injection attempts. You need to protect the application from these attacks while minimizing the impact on legitimate traffic and ensuring high availability. What should you do?
Answer options
- A. Implement a load balancer in front of the web application instances, and enable Adaptive Protection and throttling to mitigate the occurrence of these malicious requests.
- B. Configure Cloud Next Generation Firewall to block known malicious IP addresses targeting /32 addresses.
- C. Enable Google Cloud Armor’s pre-configured WAF rules for OWASP Top 10 vulnerabilities at the backend service.
- D. Configure a Cloud Armor security policy with customized and pre-configured WAF rules for OWASP Top 10 vulnerabilities at the load balancer.
Correct answer: D
Explanation
The correct answer is D because a Cloud Armor security policy that combines customized and pre-configured WAF rules specifically targets the OWASP Top 10 vulnerabilities, ensuring comprehensive protection against sophisticated attacks. Option A is insufficient: it relies on load balancing with Adaptive Protection and throttling, and does not focus on specific vulnerabilities such as XSS and SQL injection. Option B is limited to blocking known malicious IP addresses and may not address the broader range of layer 7 attacks. Option C provides some protection but lacks the customization that a dedicated security policy can offer.