ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 107 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 107
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You recently configured Google Cloud Armor security policies to manage traffic to your application. You discover that Google Cloud Armor is incorrectly blocking some traffic to your application. You need to identity the web application firewall (WAF) rule that is incorrectly blocking traffic. What should you do?

  • A. Enable firewall logs, and view the logs in Firewall Insights.
  • B. Enable HTTP(S) Load Balancing logging with sampling rate equal to 1, and view the logs in Cloud Logging.
  • C. Enable VPC Flow Logs, and view the logs in Cloud Logging.
  • D. Enable Google Cloud Armor audit logs, and view the logs on the Activity page in the Google Cloud Console.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ccieman2016 at Dec. 2, 2022, 4:31 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
desertlotus1211
8 months, 1 week ago
Answer B seems to be the better choice: https://cloud.google.com/armor/docs/troubleshooting "Review the HTTP(S) logs to determine which policy and rule were matched for your traffic along with the associated action. To view the logs, use Cloud Logging."
upvoted 2 times
...
akhileshgalav
10 months ago
D should be the answer
upvoted 1 times
aygitci
9 months, 3 weeks ago
Why? Can you detail your response please
upvoted 1 times
...
...
Komal697
1 year, 7 months ago
Selected Answer: B
Enabling HTTP(S) Load Balancing logging with a sampling rate of 1 allows you to see detailed logs of all the traffic flowing through the load balancer, including any traffic that may have been blocked by Google Cloud Armor. By analyzing the logs in Cloud Logging, you can identify the specific WAF rule that is blocking the traffic and adjust your Google Cloud Armor security policy accordingly.
upvoted 2 times
...
fad3r
1 year, 7 months ago
B Because Google Cloud Armor logs are part of the Cloud Load Balancing logs, Google Cloud Armor log generation is subject to the log sampling rate configured for your load balancer. If you reduce the sampling rate for your HTTP(S) Load Balancing, External TCP Proxy Load Balancing, or External SSL Proxy Load Balancing, your Google Cloud Armor requests logs are sampled at that reduced rate. D doesn't exist
upvoted 1 times
...
pk349
1 year, 9 months ago
• B. Enable HTTP(S) ***** Load Balancing logging with sampling rate equal to 1, and view the logs in Cloud Logging. Remember: Where there is Cloud Armor there is HTTP(S) Load Balancer
upvoted 2 times
...
AzureDP900
1 year, 10 months ago
B is correct
upvoted 1 times
AzureDP900
1 year, 10 months ago
https://cloud.google.com/load-balancing/docs/https/https-logging-monitoring n the Sample rate field, set the sampling probability. You can set a number from 0.0 through 1.0, where 0.0 means that no requests are logged and 1.0 means that 100% of the requests are logged. The default value is 1.0.
upvoted 3 times
...
...
playpacman
1 year, 11 months ago
Selected Answer: B
Its B as it uses the LB for logging: https://cloud.google.com/armor/docs/best-practices
upvoted 1 times
...
ccieman2016
1 year, 11 months ago
Selected Answer: B
I think is B. https://cloud.google.com/armor/docs/troubleshooting#traffic-allowed-despite-deny-rule
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago