Exam Professional Cloud Architect topic 3 question 2 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 2
Topic #: 3

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?
A.

B.

C.

D.

Suggested Answer: A
Reference:
https://cloud.google.com/load-balancing/docs/https

Comments

technodev
Highly Voted 3 years ago
Got this question in my exam, answered D
upvoted 44 times
...
elrizos
Highly Voted 2 years, 10 months ago
Is D: In the GCP doc you can see the same example https://cloud.google.com/armor/docs/configure-security-policies#gcloud_11
gcloud compute security-policies rules create 1000 \
    --security-policy my-policy \
    --expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \
    --action "allow"
upvoted 32 times
6b13108
1 year, 2 months ago
I cannot see the same example in that document, and I saw that "evaluatePreconfiguredExpr" is for preconfigured WAF rules https://cloud.google.com/armor/docs/rule-tuning
upvoted 1 times
...
...
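The rule quoted in elrizos' comment, placed in a complete policy setup, as an added example that is not part of the original thread or of Google's documentation. The policy name and backend service name are placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. POLICY and BACKEND are placeholder names, not from the page.
POLICY="${POLICY:-hrl-fastly-only}"
BACKEND="${BACKEND:-hrl-web-backend}"

# Dry run by default: each command is printed for review, not executed.
# Set APPLY=1 to run the commands with an authenticated gcloud.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

fastly_only_policy() {
    # 1. New policy. It starts with only the default rule, whose action is allow.
    run gcloud compute security-policies create "$POLICY" \
        --description "Allow only Fastly to reach the load balancer"

    # 2. Allow rule from the comment above: match the Fastly named IP list.
    run gcloud compute security-policies rules create 1000 \
        --security-policy "$POLICY" \
        --expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \
        --action allow

    # 3. Default rule (lowest priority, 2147483647): switch it to deny.
    #    Without this, traffic that misses rule 1000 is still allowed,
    #    so the policy would not restrict access to Fastly "only".
    run gcloud compute security-policies rules update 2147483647 \
        --security-policy "$POLICY" \
        --action deny-403

    # 4. Attach the policy to the load balancer's backend service.
    run gcloud compute backend-services update "$BACKEND" \
        --security-policy "$POLICY" --global
}

fastly_only_policy
```

After applying, `gcloud compute security-policies describe` on the policy shows both rules, which is a quick check that the default rule is no longer allow.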
dfizban
Most Recent 3 months, 3 weeks ago
It's D
upvoted 1 times
...
Begum
4 months, 2 weeks ago
The correct answer is D. The syntax for the command must include --security-policy, --expression or --src-ip-ranges (for option A the IP range is a wildcard), hence the correct answer is D.
upvoted 1 times
...
JohnJamesB1212
4 months, 2 weeks ago
The most appropriate command for allowing traffic from all Fastly IP address ranges into the HRL Virtual Private Cloud (VPC) network through the External HTTP(S) load balancer would be: A. Create Cloud Armor Security Policy with the source IP ranges. Explanation: Cloud Armor is the tool designed specifically for protecting HTTP(S) load balancers and controlling access based on IP address ranges. It allows you to create security policies to allow or deny traffic from specific IP ranges, which is what you need to do for Fastly IPs. This approach is specifically designed for managing traffic to HTTP(S) load balancers, providing an additional layer of security that fits this scenario perfectly.
upvoted 1 times
JohnJamesB1212
4 months, 2 weeks ago
Why Not the Other Options?
B. Create Cloud Armor Security Policy with the source IP list: Cloud Armor requires IP ranges, not a simple list of IPs.
C. Create firewall rule to allow source IP list: Firewall rules operate at the VPC network level, and while they control network access, they are not specifically tied to HTTP(S) load balancers and would not efficiently apply to this context.
D. Create firewall rule to allow source IP range: Firewall rules can allow traffic from IP ranges, but again, they are applied at the VPC level. For HTTP(S) load balancer traffic, Cloud Armor is the correct tool to manage IP range access control.
upvoted 1 times
...
...
researched_answer_boi
9 months, 1 week ago
(D), or "Create Cloud Armor Security Policy with the source ip list" (considering @hashi's comment) looks correct. https://codelabs.developers.google.com/codelabs/cloud-cloudarmor#0
upvoted 3 times
...
dija123
9 months, 2 weeks ago
Totally agree with D
upvoted 1 times
...
hashi
10 months, 3 weeks ago
I got this question in March 2024. As someone pointed out answers are reworked. Instead of asking for the command, the choices were given in wordings - something like the below. (Not the exact words)
A. Create Cloud Armor Security Policy with the source ip ranges.
B. Create Cloud Armor Security Policy with the source ip list
C. Create firewall rule to allow source ip list
D. Create firewall rule to allow source ip range
Based on the answers for this question I went with "Create Cloud Armor Security Policy with the source ip list"
upvoted 15 times
exam4c3
1 week, 5 days ago
Fw rules are managed by VPC, not by cloud armor
upvoted 1 times
...
Chandankm
7 months, 2 weeks ago
What's the difference between options A & B, i.e. source IP "ranges" and "list"? What's the reason for choosing one over another? I've been through the documentation and these terms are used intermittently.
upvoted 1 times
Chandankm
7 months, 1 week ago
If the question really makes a distinction between ranges and lists as specified above, I'm quite disappointed with Google. It looks like they're more interested in throwing the examinee off-balance by confusing them with useless jargon rather than evaluating the actual skills.
upvoted 1 times
...
...
ccpmad
8 months ago
Thank you for the info, but for me, in your question, I would choose D. Firewall rule. Firewalls are designed to efficiently manage network traffic. Allowing IP ranges simplifies administration and enhances performance by handling access from multiple IP addresses effectively.
upvoted 2 times
...
...
VidhyaBupesh
11 months, 3 weeks ago
D is right
upvoted 1 times
...
d0094d6
1 year ago
should be D
upvoted 1 times
...
Pime13
1 year ago
D is the solution
upvoted 1 times
...
didek1986
1 year ago
D d d d
upvoted 1 times
...
gun123
1 year ago
D is the ans
upvoted 1 times
...
MahAli
1 year, 1 month ago
I guess D
upvoted 1 times
...
odacir
1 year, 2 months ago
D -> https://cloud.google.com/armor/docs/configure-security-policies#create-rules
upvoted 2 times
...
didek1986
1 year, 4 months ago
D for sure
upvoted 2 times
...
BiddlyBdoyng
1 year, 7 months ago
A. Looks like it opens to all IPs
B. Incorrect syntax "ACTION must be one of: allow, deny, goto_next."
C. Incorrect syntax "ACTION must be one of: allow, deny, goto_next."
D. Assuming the preconfigured expression is good then it's right.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted