ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 215 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 215
Topic #: 1
[All Professional Cloud Network Engineer Questions]

Your organization deployed a mission critical application that is expected to be a new revenue source. As part of the planning and deployment process, you have recently implemented a security profile with the default set of threat signatures provided by Cloud Next Generation Firewall (Cloud NGFW). This application is the only application running on this project. You need to increase the security posture of the application to log the threat and drop the related packets. What should you do?

  • A. Configure a new default threat signature with Deny All to all severity options. Review the logs to understand the impact.
  • B. Set up a Linux VM as the frontend gateway for the application. Create iptables rules to drop all packets, excluding the application port.
  • C. For all severity options (critical, high, medium, low and informational) in the security profile, change the default override action to Deny.
  • D. Configure Cloud Scheduler to run a task that checks the Cloud NGFW logs to verify the threats. Configure the task to create a security profile with each signature ID set to override the default action.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 1f01b87 at March 15, 2025, 7:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
n2183712847
1 month, 2 weeks ago
Selected Answer: C
C. For all severity options (critical, high, medium, low and informational) in the security profile, change the default override action to Deny.
upvoted 1 times
...
7103685
2 months, 2 weeks ago
Selected Answer: C
I don´t know what the answer is but A and C seem the same to me. As A contain part of the statament"you have recently implemented a security profile with the default set of threat signatures provided by Cloud Next Generation Firewall (Cloud NGFW)"
upvoted 1 times
...
Gwendal
2 months, 2 weeks ago
Selected Answer: C
Deny: logs the threat and drops the packet. https://cloud.google.com/firewall/docs/about-security-profiles#threat-prevention-profile
upvoted 1 times
...
Popa
2 months, 3 weeks ago
Selected Answer: A
The most balanced and effective approach seems to align better with A: A. Configure a new default threat signature with Deny All to all severity options. Review the logs to understand the impact. Why A Could Be Correct: Proactive Logging and Review: This option allows you to test and analyze the impact of a more aggressive blocking policy, while simultaneously reviewing logs to fine-tune the security profile before putting it into production. Incremental Improvement: By observing the behavior of the application and understanding what is being blocked, you can avoid negatively affecting legitimate traffic while improving the security posture over time.
upvoted 1 times
...
1f01b87
3 months ago
Selected Answer: B
Not sure what the right answer is here. But C doesn't make sense as it will drop traffic for ALL severity options, including informational. This could impact legitimate traffic.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel