ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 264 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 264
Topic #: 1
[All Professional Cloud Security Engineer Questions]

Customers complain about error messages when they access your organization's website. You suspect that the web application firewall rules configured in Cloud Armor are too strict. You want to collect request logs to investigate what triggered the rules and blocked the traffic. What should you do?

  • A. Modify the Application Load Balancer backend and increase the tog sample rate to a higher number.
  • B. Enable logging in the Application Load Balancer backend and set the log level to VERBOSE in the Cloud Armor policy.
  • C. Change the configuration of suspicious web application firewall rules in the Cloud Armor policy to preview mode.
  • D. Create a log sink with a filter for togs containing redirected_by_security_policy and set a BigQuery dataset as destination.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by yokoyan at Sept. 6, 2024, 1:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BPzen
4 days, 17 hours ago
Selected Answer: C
Other Rules Still Enforced: Only the specific rules switched to preview mode are not enforced. All other active rules in the Cloud Armor policy continue to block or redirect traffic as configured. This minimizes the exposure since you're not disabling the entire firewall. B. Enable logging in the Application Load Balancer backend and set the log level to VERBOSE in the Cloud Armor policy. Cloud Armor policies do not have a "VERBOSE" log level. While enabling logging at the backend captures some information, it does not specifically provide insights into which WAF rules were triggered.
upvoted 1 times
...
nah99
6 days, 20 hours ago
Selected Answer: B
B collects the logs you want. C has the side-effect of allowing the traffic which may not be appropriate during investigation
upvoted 1 times
...
kalbd2212
1 week, 6 days ago
C .. This helps you pinpoint the exact rules that are causing problems and understand why they are being triggered.
upvoted 1 times
...
d0fa7d5
2 months, 3 weeks ago
Selected Answer: B
I thought B is the correct answer. C is useful for testing the rule, but it doesn’t provide detailed logs. With B, detailed information about which rule caused the block is recorded, which helps in investigating the cause.
upvoted 4 times
...
yokoyan
2 months, 4 weeks ago
Selected Answer: B
I think it's B.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel