Topic 9 Question 32
Which of the following is not a best practice for mitigating Denial of Service attacks on your Google Cloud infrastructure?
Block SYN floods using Cloud Router
Isolate your internal traffic from the external world
Scale to absorb the attack
Reduce the attack surface for your GCE deployment
解説
These are all best practices for mitigating Denial of Service attacks: Reduce the attack surface for your GCE deployment
Scale to absorb the attack - Isolate your internal traffic from the external world Cloud Router is used to dynamically update VPN routes. It cannot block SYN floods. On the other hand, Google's Frontend infrastructure, which terminates user traffic, automatically scales to absorb certain types of attacks (e.g., SYN floods) before they reach your compute instances. Reference: https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf
コメント(10)
A is the correct answer https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf
👍 17Ziegler2020/06/06The answer is C. Scaling to absorb the DDoS attack is absurd.
👍 5alilog2020/05/18A is right, router is not designed for attack!
👍 3woorkim2020/06/07
シャッフルモード