Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Architect All Questions

View all questions & answers for the Professional Cloud Architect exam
Go to Exam

Exam Professional Cloud Architect topic 3 question 2 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 2
Topic #: 3
[All Professional Cloud Architect Questions]

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?
A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: A
Reference:
https://cloud.google.com/load-balancing/docs/https
by StelSen at Dec. 28, 2021, 8:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
technodev
Highly Voted 2 years, 10 months ago
Got this question in my exam, answered D
upvoted 42 times
...
elrizos
Highly Voted 2 years, 7 months ago
Is D: In the GCP doc can see the same example https://cloud.google.com/armor/docs/configure-security-policies#gcloud_11 "gcloud compute security-policies rules create 1000 \ --security-policy my-policy \ --expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \ --action "allow" "
upvoted 29 times
6b13108
11 months, 4 weeks ago
I can not see the same example in that document and I saw "evaluatePreconfiguredExpr" is for preconfigure WAF rules https://cloud.google.com/armor/docs/rule-tuning
upvoted 1 times
...
...
dfizban
Most Recent 1 month, 1 week ago
It's D
upvoted 1 times
...
Begum
2 months ago
The correct answer is D. The syntax for command must include --Security-policy, --expression or --src-in-ranges ( for option A IP range is wild card) hence correct answer is D.
upvoted 1 times
...
JohnJamesB1212
2 months ago
The most appropriate command for allowing traffic from all Fastly IP address ranges into the HRL Virtual Private Cloud (VPC) network through the External HTTP(S) load balancer would be: A. Create Cloud Armor Security Policy with the source IP ranges. Explanation: Cloud Armor is the tool designed specifically for protecting HTTP(S) load balancers and controlling access based on IP address ranges. It allows you to create security policies to allow or deny traffic from specific IP ranges, which is what you need to do for Fastly IPs. This approach is specifically designed for managing traffic to HTTP(S) load balancers, providing an additional layer of security that fits this scenario perfectly.
upvoted 1 times
JohnJamesB1212
2 months ago
Why Not the Other Options? B. Create Cloud Armor Security Policy with the source IP list: Cloud Armor requires IP ranges, not a simple list of IPs. C. Create firewall rule to allow source IP list: Firewall rules operate at the VPC network level, and while they control network access, they are not specifically tied to HTTP(S) load balancers and would not efficiently apply to this context. D. Create firewall rule to allow source IP range: Firewall rules can allow traffic from IP ranges, but again, they are applied at the VPC level. For HTTP(S) load balancer traffic, Cloud Armor is the correct tool to manage IP range access control.
upvoted 1 times
...
...
researched_answer_boi
6 months, 4 weeks ago
(D), or "Create Cloud Armor Security Policy with the source ip list" (considering @hashi's comment) looks correct. https://codelabs.developers.google.com/codelabs/cloud-cloudarmor#0
upvoted 3 times
...
dija123
7 months ago
Totally agree with D
upvoted 1 times
...
hashi
8 months, 1 week ago
I got this question in March 2024. As someone pointed out answers are reworked. Instead of asking for the command, the choices were given in wordings - something like the below. (Not the exact words) A. Create Cloud Armor Security Policy with the source ip ranges. B. Create Cloud Armor Security Policy with the source ip list C. Create firewall rule to allow source ip list D. Create firewall rule to allow source ip range Based on the answers for this question I went with "Create Cloud Armor Security Policy with the source ip list"
upvoted 13 times
Chandankm
5 months ago
what's the difference between options A & B, i.e. source IP "ranges" and "list" ? what's the reason for choosing one over another ? I've been through the documentation and these terms are used intermittently.
upvoted 1 times
Chandankm
4 months, 4 weeks ago
If the question really makes a distinction between ranges and lists as specified above, I'm quite disappointed with Google. It looks like they're more interested in throwing the examinee off-balance by confusing them with useless jargon rather than evaluating the actual skills.
upvoted 1 times
...
...
ccpmad
5 months, 2 weeks ago
Thank you for the info, but for me, in your question, I would choose D. Firewall rule. Firewalls are designed to efficiently manage network traffic. Allowing IP ranges simplifies administration and enhances performance by handling access from multiple IP addresses effectively.
upvoted 2 times
...
...
VidhyaBupesh
9 months, 1 week ago
D is right
upvoted 1 times
...
d0094d6
9 months, 3 weeks ago
should be D
upvoted 1 times
...
Pime13
9 months, 4 weeks ago
D is the solution
upvoted 1 times
...
didek1986
10 months, 1 week ago
D d d d
upvoted 1 times
...
gun123
10 months, 2 weeks ago
D is the ans
upvoted 1 times
...
MahAli
11 months, 2 weeks ago
I guess D
upvoted 1 times
...
odacir
1 year ago
D -> https://cloud.google.com/armor/docs/configure-security-policies#create-rules
upvoted 2 times
...
didek1986
1 year, 2 months ago
D for sure
upvoted 2 times
...
BiddlyBdoyng
1 year, 5 months ago
A. Looks like it opens to all IPs B. Incorrect syntax "ACTION must be one of: allow, deny, goto_next." C. Incorrect syntax "ACTION must be one of: allow, deny, goto_next." D. Assuming the preconfigured expression is good then its right.
upvoted 2 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel