Exam Professional Cloud Network Engineer topic 1 question 235 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 235
Topic #: 1

Your company uses web application firewall (WAF) capabilities from a third-party cloud WAF provider. This WAF provider proxies all the HTTPS connections from internet clients, applies security policies, and then opens a new HTTPS connection to the public IP address of your global Application Load Balancer in Google Cloud. Your Google Cloud workloads are the backend of this global Application Load Balancer. Currently, Cloud Armor is not configured. You need to create a Cloud Armor security policy that blocks sessions that originate from internet clients with source IP addresses that belong to the IP_RANGE_BLOCK IP range. The block must be executed by the Cloud Armor security policy; it will not be done by the third-party cloud WAF provider. What should you do?

  • A. 1. Create a new Cloud Armor network edge security policy. In the policy, set the userIpRequestHeaders[] attribute.
    2. Add a policy rule that denies traffic that matches inIpRange(origin.user_ip, 'IP_RANGE_BLOCK') statement.
    3. Apply the policy to the backend service that includes all your Google Cloud workloads.
  • B. 1. Create a new Cloud Armor network edge security policy. In the policy, set the userIpRequestHeaders[] attribute.
    2. Add a policy rule that denies traffic that matches the inIpRange(origin.ip, 'IP_RANGE_BLOCK') statement.
    3. Apply the policy to the backend service that includes all your Google Cloud workloads.
  • C. 1. Create a new Cloud Armor backend security policy. In the policy, set the userIpRequestHeaders[] attribute.
    2. Add a policy rule that denies traffic that matches the inIpRange(origin.user_ip, 'IP_RANGE_BLOCK') statement.
    3. Apply the policy to the backend service that includes all your Google Cloud workloads.
  • D. 1. Create a new Cloud Armor backend security policy. In the policy, set the userIpRequestHeaders[] attribute.
    2. Add a policy rule that denies traffic that matches the inIpRange(origin.ip, 'IP_RANGE_BLOCK') statement.
    3. Apply the policy to the backend service that includes all your Google Cloud workloads.
Suggested Answer: C 🗳️

Comments

n2183712847
1 month, 2 weeks ago
Selected Answer: C
It is C
upvoted 1 times
...
1f01b87
3 months ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
RKS_2021
3 months, 2 weeks ago
Selected Answer: C
C is correct. origin.user_ip: The IP address of the originating client, which is included in the HTTP-HEADER by an upstream proxy.
upvoted 2 times
RKS_2021
3 months, 2 weeks ago
https://cloud.google.com/armor/docs/rules-language-reference
upvoted 1 times
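
Added example (not part of the original page or any commenter's post, and not Google's code): a small Python model of why, behind the third-party WAF, a rule on origin.ip only ever sees the WAF's address while origin.user_ip with userIpRequestHeaders[] set sees the client. The header name True-Client-IP, the sample addresses and the function names are assumptions; the fallback of origin.user_ip to origin.ip follows the rules language reference linked above.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the page.
IP_RANGE_BLOCK = "203.0.113.0/24"   # stands in for the question's IP_RANGE_BLOCK
WAF_EGRESS_IP = "198.51.100.10"     # hypothetical address the WAF connects from
USER_IP_REQUEST_HEADERS = ["True-Client-IP"]  # assumed header the WAF sets


def _valid_ip(value):
    """Return the normalised address, or None if value is not an IP."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def resolve_origin(peer_ip, headers, user_ip_request_headers):
    """Model (origin.ip, origin.user_ip) for one request.

    origin.ip is the peer that opened the connection to the load balancer.
    origin.user_ip is read from a configured header and falls back to
    origin.ip when no header is configured, present, or a valid address.
    Taking the first usable header in list order is an assumption of this model.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in user_ip_request_headers:
        candidate = _valid_ip(lowered.get(name.lower(), ""))
        if candidate:
            return peer_ip, candidate
    return peer_ip, peer_ip


def in_ip_range(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def evaluate(peer_ip, headers, attribute, configured=USER_IP_REQUEST_HEADERS):
    """Apply one deny rule on the chosen attribute; everything else is allowed."""
    origin_ip, user_ip = resolve_origin(peer_ip, headers, configured)
    subject = user_ip if attribute == "origin.user_ip" else origin_ip
    return "deny" if in_ip_range(subject, IP_RANGE_BLOCK) else "allow"


if __name__ == "__main__":
    proxied = {"True-Client-IP": "203.0.113.7"}  # blocked client behind the WAF
    for attr in ("origin.ip", "origin.user_ip"):
        print(attr, "->", evaluate(WAF_EGRESS_IP, proxied, attr))
```

In the fallback cases the rule is evaluated against the WAF's address, so a request that arrives without a usable header is not matched by IP_RANGE_BLOCK.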