Google Cloud Professional Cloud Security Engineer — Question 349
You are implementing a new web application on Google Cloud that will be accessed from your on-premises network. To provide protection from threats like malware, you must implement Transport Layer Security (TLS) interception for incoming traffic to your application. What should you do?
Answer options
- A. Configure Secure Web Proxy. Offload the TLS traffic in the load balancer, inspect the traffic, and forward the traffic to the web application.
- B. Configure an internal proxy load balancer. Offload the TLS traffic in the load balancer, inspect the traffic, and forward the traffic to the web application.
- C. Configure a hierarchical firewall policy. Enable TLS interception by using Cloud Next Generation Firewall (NGFW) Enterprise.
- D. Configure a VPC firewall rule. Enable TLS interception by using Cloud Next Generation Firewall (NGFW) Enterprise.
Correct answer: C
Explanation
The correct answer is C because it uses a hierarchical firewall policy to enable TLS interception via Cloud Next Generation Firewall (NGFW) Enterprise, which is designed for this purpose. Options A and B focus on load balancers and proxies, which do not provide the required interception capabilities. Option D relies on VPC firewall rules, which do not inherently support TLS interception either.