ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 117 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 117
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You are migrating a three-tier application architecture from on-premises to Google Cloud. As a first step in the migration, you want to create a new Virtual Private Cloud (VPC) with an external HTTP(S) load balancer. This load balancer will forward traffic back to the on-premises compute resources that run the presentation tier. You need to stop malicious traffic from entering your VPC and consuming resources at the edge, so you must configure this policy to filter IP addresses and stop cross-site scripting (XSS) attacks. What should you do?

  • A. Create a Google Cloud Armor policy, and apply it to a backend service that uses an unmanaged instance group backend.
  • B. Create a hierarchical firewall ruleset, and apply it to the VPC's parent organization resource node.
  • C. Create a Google Cloud Armor policy, and apply it to a backend service that uses an internet network endpoint group (NEG) backend.
  • D. Create a VPC firewall ruleset, and apply it to all instances in unmanaged instance groups.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by playpacman at Dec. 1, 2022, 1:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Laryoul
5 months ago
Selected Answer: C
C because XSS is block by cloud armor. A not correct because unmanaged instance group are only for VM that reside in a single project, zone, VPC network, and subnet. https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-unmanaged-instances
upvoted 3 times
...
mshry
10 months, 2 weeks ago
Selected Answer: C
C it is!
upvoted 3 times
...
jitu028
10 months, 3 weeks ago
Correct answer - C https://cloud.google.com/armor/docs/security-policy-overview#:~:text=When%20you%20use,Ingress%20controls.
upvoted 2 times
...
AzureDP900
11 months ago
C. Create a Google Cloud Armor policy, and apply it to a backend service that uses an internet network endpoint group (NEG) backend. https://cloud.google.com/armor/docs/security-policy-overview
upvoted 3 times
...
playpacman
11 months ago
C is in that case corret
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago