Exam Professional Cloud Network Engineer topic 1 question 54 discussion

A & C Cloud Armor is the solution to prevent and mitigate attack (DDOS SQL injection and so on), it's a revenue generating so have to be alive and protected. No Cloud Armor is not a firewall. Using the CA language you have tons of prebuild rules to evaluate and block the malicious traffic in automatic way. You can put the rule blocking a specific traffic but it's not there the value (you have the firewall for that). Than you need C cause Cloud Armor require an HTTP(s) load balancer (that can be used cause it's a web application)

I think B,E are actually correct. A and C would increase cost to global LB, change app architecture, and could potential block legitimate traffic since you “think” it is a DDoS, but do i not know. I do not think google would recommend blocking traffic unless you KNOW. So a temp increase in auto scale, with further investigation is the best course of action. It may lead to some short-term cost increase, but ultimately less cost increase than moving to global LB premium tier with cloudarmor.

Why Not the Other Options? ❌ B. Increase the maximum autoscaling backend Scaling up indefinitely does not stop the attack, and it increases costs dramatically. Without blocking the malicious traffic, your instances will continue getting overwhelmed. ❌ D. Shut down the entire application This is not a viable solution—taking down your application means legitimate users also lose access. The attacker could simply restart the attack when you go back online. ❌ E. SSH into backend instances to analyze logs Too slow for immediate mitigation. While log analysis is useful after the attack, it doesn’t help quickly restore service for real users.

A and C are correct

Best Choice: A & C is the better option to quickly restore user access and allow successful transactions while minimizing cost. Cloud Armor filters malicious traffic right away, while the Global HTTP(S) Load Balancer provides a more robust and scalable solution for long-term protection and handling of legitimate traffic.

A&C Unlike the Network Load Balancer, an HTTP(S) Load Balancer integrates with Cloud Armor and provides additional protection mechanisms such as rate limiting and advanced filtering.

Network load balancer does not support Cloud Armor

Cloud Armor cannot be used with Network Load balancer, it operates at layer 7.I go with B and C and it require to restore Not to remediate.

cant be B, you have to minimize the cost

B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic: This approach might provide temporary relief but does not address the root cause (the DDoS attack). It could also significantly increase costs without solving the underlying issue.

A and C are the correct two steps we should take. These steps complete the purpose. The question is not asking for two separate approaches.

There is some amount of Cloud Armor integration supported with Network Passthrough Load Balancers: There is some amount of integration supported for Cloud Armor with Network Load Balancers: https://cloud.google.com/armor/docs/advanced-network-ddos

The objective is to quickly restore user access. So A & B. Later you can move to an HTTP LB which makes sense also.

AC is the best answer. you can only use Cloud Armor with HTTP LB, not network LB.

AC is the correct

This is the textbook scenario for Cloud Armor + GCLB, so given that this is a Google exam, it seems pretty obvious to select AC. It's actually really simple to switch the BE from one LB to another and would not add huge cost.

A. Use Cloud Armor to blacklist the attacker's IP addresses. Cloud Armor is a security service on Google Cloud that allows you to defend your applications and services from Distributed Denial of Service (DDoS) attacks. By configuring blacklisting rules in Cloud Armor, you can block traffic from specific IP addresses or ranges associated with the attack, helping to mitigate the impact on your application. B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic. By increasing the maximum number of instances in your autoscaling backend, you allow your infrastructure to dynamically scale up to handle the increased traffic during the DDoS attack. This helps ensure that your application can continue to serve legitimate user requests even under heavy load.