A & C Cloud Armor is the solution to prevent and mitigate attack (DDOS SQL injection and so on), it's a revenue generating so have to be alive and protected. No Cloud Armor is not a firewall. Using the CA language you have tons of prebuild rules to evaluate and block the malicious traffic in automatic way. You can put the rule blocking a specific traffic but it's not there the value (you have the firewall for that). Than you need C cause Cloud Armor require an HTTP(s) load balancer (that can be used cause it's a web application)

I think B,E are actually correct. A and C would increase cost to global LB, change app architecture, and could potential block legitimate traffic since you “think” it is a DDoS, but do i not know. I do not think google would recommend blocking traffic unless you KNOW. So a temp increase in auto scale, with further investigation is the best course of action. It may lead to some short-term cost increase, but ultimately less cost increase than moving to global LB premium tier with cloudarmor.

A and C are the correct two steps we should take. These steps complete the purpose. The question is not asking for two separate approaches.

There is some amount of Cloud Armor integration supported with Network Passthrough Load Balancers: There is some amount of integration supported for Cloud Armor with Network Load Balancers: https://cloud.google.com/armor/docs/advanced-network-ddos

The objective is to quickly restore user access. So A & B. Later you can move to an HTTP LB which makes sense also.

AC is the best answer. you can only use Cloud Armor with HTTP LB, not network LB.

AC is the correct

This is the textbook scenario for Cloud Armor + GCLB, so given that this is a Google exam, it seems pretty obvious to select AC. It's actually really simple to switch the BE from one LB to another and would not add huge cost.

A. Use Cloud Armor to blacklist the attacker's IP addresses. Cloud Armor is a security service on Google Cloud that allows you to defend your applications and services from Distributed Denial of Service (DDoS) attacks. By configuring blacklisting rules in Cloud Armor, you can block traffic from specific IP addresses or ranges associated with the attack, helping to mitigate the impact on your application. B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic. By increasing the maximum number of instances in your autoscaling backend, you allow your infrastructure to dynamically scale up to handle the increased traffic during the DDoS attack. This helps ensure that your application can continue to serve legitimate user requests even under heavy load.

Cloud Armor can only be integrated with HTTP(S) load balancer, it's not supported with NLB. Hence, A is not correct. I'd go with option B & E.

B is not a good solution if you increase the scaling it will just keep increasing during a DDOS attacker will you more of your resources and you will pay higher price for malicious attack

C is wrony cause changes architecture

A & B - Option C) of HTTPS Load balancer is not a mandatory requirement. Google Cloud Armor also provides advanced network DDoS protection for external passthrough Network Load Balancers, protocol forwarding, and VMs with public IP addresses. https://cloud.google.com/armor/docs/security-policy-overview Standard network DDoS protection: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses. This is covered under Google Cloud Armor Standard and does not require any additional subscriptions. Advanced network DDoS protection: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses. https://cloud.google.com/armor/docs/advanced-network-ddos

auto scaling is already taken care as mentioned in question. So correct answer is to use Armor and https global load balancer.

BE Only

Blacklisting the attacker's IP addresses with Cloud Armor will help to prevent further traffic from the same source, reducing the impact of the attack. Increasing the maximum autoscaling backend will ensure that the application can handle the severe bursty traffic and continue to serve legitimate requests, reducing the impact on users.

A. Use Cloud Armor to blacklist the attacker’s IP addresses. This way, you can block malicious traffic from reaching your application and reduce the load on your backend instances. C. Create a global HTTP(s) load balancer and move your application backend to this load balancer. This way, you can leverage Cloud Armor’s integration with HTTP(s) load balancers and benefit from its advanced DDoS defense features.