Google Cloud Professional Cloud Security Engineer — Question 321

Customers complain about error messages when they access your organization's website. You suspect that the web application firewall rules configured in Cloud Armor are too strict. You want to collect request logs to investigate what triggered the rules and blocked the traffic. What should you do?

Answer options

• A. Modify the Application Load Balancer backend and increase the tog sample rate to a higher number.
• B. Enable logging in the Application Load Balancer backend and set the log level to VERBOSE in the Cloud Armor policy.
• C. Change the configuration of suspicious web application firewall rules in the Cloud Armor policy to preview mode.
• D. Create a log sink with a filter for togs containing redirected_by_security_policy and set a BigQuery dataset as destination.

Correct answer: B

Explanation

The correct answer is B because enabling logging and setting the log level to VERBOSE will provide detailed information about the requests that are being processed, which helps identify why certain traffic is being blocked. Option A does not address the need for logging, while option C only changes the rule behavior without capturing the necessary logs. Option D, although useful for certain logs, does not directly help in understanding the web application firewall triggers.