Topic 1 Question 54
Select two.
Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it is a DDoS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost. Which two steps should you take?
A. Use Cloud Armor to blacklist the attacker's IP addresses.
B. Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
C. Create a global HTTP(s) load balancer and move your application backend to this load balancer.
D. Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.
E. SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.
Comments (17)
A & C
Cloud Armor is the solution to prevent and mitigate attacks (DDoS, SQL injection and so on); it's revenue-generating, so it has to be alive and protected.
No, Cloud Armor is not a firewall. Using the CA language you have tons of prebuilt rules to evaluate and block the malicious traffic in an automatic way. You can put in a rule blocking specific traffic, but that's not where the value is (you have the firewall for that). Then you need C because Cloud Armor requires an HTTP(s) load balancer (which can be used because it's a web application).
👍 17 Alex_74 2021/08/24
I think B,E are actually correct.
A and C would increase cost to global LB, change app architecture, and could potentially block legitimate traffic since you “think” it is a DDoS, but do not know. I do not think Google would recommend blocking traffic unless you KNOW.
So a temp increase in autoscale, with further investigation, is the best course of action. It may lead to some short-term cost increase, but ultimately less cost increase than moving to global LB premium tier with Cloud Armor.
👍 13 Hybrid_Cloud_boy 2020/12/06
Let's eliminate: need a quick solution without downtime,
a. Cloud Armor -- No - Network LB doesn't work with Cloud Armor.
c. Global HTTPs LB --> No --> you don't know what application is running and will it support https or not! Basically R&D work.
d. shutdown entire application --> No Never nops
Correct answer --
b. compensate with autoscaling -- makes huge sense.
e. ssh into one machine and check for syslogs/logs --> yes, as a security guy it's your topmost priority to find the attack origin; once found you can apply it in firewall rules with the necessary tags. Since the application is live, you keep checking the logs and keep adding attacker IPs to your firewall rules. (Fastest resolution)
👍 3 jeeet_ 2022/10/23