Exam Professional Cloud Security Engineer topic 1 question 325 discussion

Actual exam question from Google's Professional Cloud Security Engineer

Question #: 325
Topic #: 1

[All Professional Cloud Security Engineer Questions]

Your organization manages a critical web application that serves international customers on Google Cloud. An increase in malicious traffic targeting this application has strained resources and caused periods of downtime. You need to design security measures to increase the application's resilience against web attacks, enhance perimeter protection, and provide access control. What should you do?

A. Employ network load balancing for traffic distribution. Update Identity-Aware Proxy (IAP) policies to allow only administrative access. Implement custom firewall rules on all external IP addresses.
B. Set up firewall rules on Compute Engine instances within the application's environment. Rely on load balancers for threat detection. Increase instance resources to cope with attack volume.
C. Configure firewall rules to block traffic from known malicious IP ranges. Set up Google Cloud Armor and implement Identity-Aware Proxy (IAP) for granular access control.
D. Add firewall rules that restrict all internal IP ranges. Establish Cloud DNS security policies. Disable external IP addresses to reduce the attack surface. Create user groups for access control.

Show Suggested Answer

Suggested Answer: C 🗳️

by smgcp2024 at July 7, 2025, 1:05 a.m.

Comments

Submit Cancel

smgcp2024

2 days, 10 hours ago

Selected Answer: D

Why C?. There is no known IP address

upvoted 1 times

...