Google Cloud Professional Cloud Security Engineer — Question 223
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection.
Which product should be used to meet these requirements?
Answer options
- A. Cloud Armor
- B. VPC Firewall Rules
- C. Cloud Identity and Access Management
- D. Cloud CDN
Correct answer: B
Explanation
The correct answer is B, VPC Firewall Rules, as they can be configured to allow or deny traffic based on source IP ranges, which aligns with the customer's requirement to restrict access to a specific known good CIDR. Option A, Cloud Armor, is primarily focused on application-level DDoS protection and does not specifically address CIDR-based access control. Option C, Cloud Identity and Access Management, is related to user permissions and roles rather than network traffic control. Option D, Cloud CDN, is used for content delivery optimization and does not relate to access restrictions based on CIDR.