Google Cloud Professional Cloud Security Engineer — Question 235

An engineering team is launching a web application that will be public on the internet. The web application is hosted in multiple GCP regions and will be directed to the respective backend based on the URL request.
Your team wants to avoid exposing the application directly on the internet and wants to deny traffic from a specific list of malicious IP addresses.
Which solution should your team implement to meet these requirements?

Answer options

• A. Cloud Armor
• B. Network Load Balancing
• C. SSL Proxy Load Balancing
• D. NAT Gateway

Correct answer: A

Explanation

Cloud Armor is designed to provide security for applications by allowing you to define access control policies, including blocking traffic from specific IP addresses. The other options, such as Network Load Balancing and NAT Gateway, focus primarily on traffic distribution and network address translation rather than directly managing and filtering incoming malicious traffic.