ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 262 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 262
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Your organization hosts a sensitive web application in Google Cloud. To protect the web application, you've set up a virtual private cloud (VPC) with dedicated subnets for the application's frontend and backend components. You must implement security controls to restrict incoming traffic, protect against web-based attacks, and monitor internal traffic. What should you do?

  • A. Configure Cloud Firewall to permit allow-listed traffic only, deploy Google Cloud Armor with predefined rules for blocking common web attacks, and deploy Cloud Intrusion Detection System (IDS) to detect internal traffic anomalies.
  • B. Configure Google Cloud Armor to allow incoming connections, configure DNS Security Extensions (DNSSEC) on Cloud DNS to secure against common web attacks, and deploy Cloud Intrusion Detection System (Cloud IDS) to detect internal traffic anomalies.
  • C. Configure Cloud Intrusion Detection System (Cloud IDS) to monitor incoming connections, deploy Identity-Aware Proxy (IAP) to block common web attacks, and deploy Google Cloud Armor to detect internal traffic anomalies.
  • D. Configure Cloud DNS to secure incoming traffic, deploy Cloud Intrusion Detection System (Cloud IDS) to detect common web attacks, and deploy Google Cloud Armor to detect internal traffic anomalies.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by yokoyan at Sept. 6, 2024, 1:29 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pime13
4 months, 3 weeks ago
Selected Answer: A
Here's why: Cloud Firewall: By configuring the firewall to permit only allow-listed traffic, you can restrict incoming traffic to only trusted sources, enhancing security. Google Cloud Armor: This service provides protection against common web-based attacks such as DDoS and SQL injection by using predefined rules. Cloud Intrusion Detection System (IDS): Deploying IDS helps in monitoring internal traffic for any anomalies, ensuring that any suspicious activity within the VPC is detected and addressed promptly. This combination of services provides a comprehensive security posture for your sensitive web application, addressing both external and internal threats.
upvoted 1 times
...
MoAk
5 months, 1 week ago
Selected Answer: A
A is good.
upvoted 1 times
...
yokoyan
7 months, 3 weeks ago
Selected Answer: A
I think it's A.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago