Topic 1 Question 52
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service. What should you do?
A. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
B. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
C. Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
D. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.
Comments (16)
A is correct
👍 11 Vidyasagar 2021/03/23
Ans is A, Cloud Armor is used for LB, there is no way we can use FW rules at LB level
👍 5 cesar7816 2020/12/13
Reading this leads me to believe A
The links below outline the NAT behavior of the GCP global load balancer. Since this is a full proxy, the source IP of the scrubbing source would be translated to a GFE IP, so allowing the scrubbing source via a FW rule would not work.
So, by elimination, this tells me that Cloud Armor is the answer! So A
👍 4 Hybrid_Cloud_boy 2020/12/06
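
The option the commenters settle on (A), written out as an added example that is not part of the original page or any commenter's post: a default-deny Cloud Armor policy with allow rules for the scrubbing service, attached to the load balancer's backend service. The policy name, backend service name and CIDR ranges are placeholders supplied by the caller, and the per-rule limit of 10 ranges is an assumption.

```shell
#!/bin/sh
# Added example: allow only a traffic-scrubbing service through Cloud Armor.
# Policy name, backend service name and CIDR ranges are caller-supplied
# placeholders. DRY_RUN=1 (the default) prints the commands instead of
# running them.
MAX_RANGES_PER_RULE=10  # assumption: per-rule cap on --src-ip-ranges entries

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "gcloud $*"; else gcloud "$@"; fi
}

add_allow_rule() {  # args: POLICY PRIORITY COMMA_SEPARATED_RANGES
  run compute security-policies rules create "$2" \
    --security-policy "$1" --src-ip-ranges "$3" --action allow
}

# usage: restrict_to_scrubber POLICY BACKEND_SERVICE CIDR [CIDR...]
restrict_to_scrubber() {
  if [ "$#" -lt 3 ]; then
    echo "usage: restrict_to_scrubber POLICY BACKEND_SERVICE CIDR [CIDR...]" >&2
    return 2
  fi
  policy=$1; backend=$2; shift 2

  run compute security-policies create "$policy" || return 1

  # The default rule has the lowest priority (2147483647); switch it from
  # allow to deny so anything not explicitly allowlisted is rejected.
  run compute security-policies rules update 2147483647 \
    --security-policy "$policy" --action deny-403 || return 1

  # One allow rule per batch of scrubber ranges, at increasing priorities.
  priority=1000; batch=""; count=0
  for cidr in "$@"; do
    batch="${batch:+$batch,}$cidr"; count=$((count + 1))
    if [ "$count" -eq "$MAX_RANGES_PER_RULE" ]; then
      add_allow_rule "$policy" "$priority" "$batch" || return 1
      priority=$((priority + 1)); batch=""; count=0
    fi
  done
  if [ -n "$batch" ]; then
    add_allow_rule "$policy" "$priority" "$batch" || return 1
  fi

  # Enforce the policy at the global load balancer's backend service.
  run compute backend-services update "$backend" \
    --security-policy "$policy" --global
}
```

Review the dry-run output first, then set `DRY_RUN=0` to apply it with an authenticated `gcloud`.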