ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 264 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 264
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Customers complain about error messages when they access your organization's website. You suspect that the web application firewall rules configured in Cloud Armor are too strict. You want to collect request logs to investigate what triggered the rules and blocked the traffic. What should you do?

  • A. Modify the Application Load Balancer backend and increase the tog sample rate to a higher number.
  • B. Enable logging in the Application Load Balancer backend and set the log level to VERBOSE in the Cloud Armor policy.
  • C. Change the configuration of suspicious web application firewall rules in the Cloud Armor policy to preview mode.
  • D. Create a log sink with a filter for togs containing redirected_by_security_policy and set a BigQuery dataset as destination.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by yokoyan at Sept. 6, 2024, 1:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pime13
4 months, 3 weeks ago
Selected Answer: B
https://cloud.google.com/armor/docs/verbose-logging You can adjust the level of detail recorded in your logs. We recommend that you enable verbose logging only when you first create a policy, make changes to a policy, or troubleshoot a policy. If you enable verbose logging, it is in effect for rules in preview mode as well as active (non-previewed) rules during standard operations.
upvoted 1 times
...
cachopo
4 months, 3 weeks ago
Selected Answer: B
Enabling verbose logging for your Cloud Armor policy provides the most detailed logs, including information about why specific requests triggered a WAF rule. This level of detail is critical for troubleshooting and refining security policies. - Verbose logging captures detailed request attributes that caused WAF rules to trigger, which are not available in default (normal) logs. - By setting the log level to VERBOSE using the gcloud compute security-policies update command, you can collect the detailed logs needed for investigation.
upvoted 1 times
...
BPzen
5 months ago
Selected Answer: C
Other Rules Still Enforced: Only the specific rules switched to preview mode are not enforced. All other active rules in the Cloud Armor policy continue to block or redirect traffic as configured. This minimizes the exposure since you're not disabling the entire firewall. B. Enable logging in the Application Load Balancer backend and set the log level to VERBOSE in the Cloud Armor policy. Cloud Armor policies do not have a "VERBOSE" log level. While enabling logging at the backend captures some information, it does not specifically provide insights into which WAF rules were triggered.
upvoted 1 times
cachopo
4 months, 3 weeks ago
Actually, Cloud Armor does have "Verbose" log-level: https://cloud.google.com/armor/docs/verbose-logging It's okay to look for answers on Chatgpt. But try to compare the answers too because it's not foolproof.
upvoted 1 times
...
...
nah99
5 months ago
Selected Answer: B
B collects the logs you want. C has the side-effect of allowing the traffic which may not be appropriate during investigation
upvoted 1 times
...
kalbd2212
5 months, 1 week ago
C .. This helps you pinpoint the exact rules that are causing problems and understand why they are being triggered.
upvoted 1 times
...
d0fa7d5
7 months, 3 weeks ago
Selected Answer: B
I thought B is the correct answer. C is useful for testing the rule, but it doesn’t provide detailed logs. With B, detailed information about which rule caused the block is recorded, which helps in investigating the cause.
upvoted 4 times
...
yokoyan
7 months, 3 weeks ago
Selected Answer: B
I think it's B.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago