Topic 1 Question 17
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users. What should you do?
Create a Cloud Armor Policy rule that denies traffic and review necessary logs.
Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs.
Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs.
Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs.
ユーザの投票
コメント(17)
Definitely B. It says you "believe" you have a bad actor, and want to confirm this "while minimizing disruption to your legitimate users."
[A] would block the traffic suspected IP, causing disruption to a legitimate user if you were wrong about the actor
[B] Correct - You can log the requests by Client IP, and Preview Mode will not cause disruption to anyone, while you investigate.
[C] Global Load balancers are Proxies, as Jordi says. This could work for Network load balancers, which are not proxies, but they are regional and not global.
[D] As above, even if you could block from an NLB, it would cause disruption to someone.
👍 24architect2020/06/17- 👍 3[Removed]2021/04/17
B for sure. It is possible to deny traffic at VM level with firewall rules (firewall rules won't apply to a LB; LB will always allow a request unless there is a Cloud Armor policy). But firewall policies do not have a preview mode, only Cloud Armor does!
👍 3seddy2021/05/17
シャッフルモード