Google Cloud Professional Cloud Security Engineer — Question 67

You plan to use a Google Cloud Armor policy to prevent common attacks such as cross-site scripting (XSS) and SQL injection (SQLi) from reaching your web application's backend. What are two requirements for using Google Cloud Armor security policies? (Choose two.)

Answer options

• A. The load balancer must be an external SSL proxy load balancer.
• B. Google Cloud Armor Policy rules can only match on Layer 7 (L7) attributes.
• C. The load balancer must use the Premium Network Service Tier.
• D. The backend service's load balancing scheme must be EXTERNAL.
• E. The load balancer must be an external HTTP(S) load balancer.

Correct answer: D, E

Explanation

The correct answers, D and E, are required because Google Cloud Armor policies can only be applied to external HTTP(S) load balancers and the backend must be configured to use an EXTERNAL load balancing scheme. Options A and C are incorrect as they do not relate to the requirements for using Google Cloud Armor, and option B is misleading since it doesn't address the load balancer type needed.