Examtopics

Professional Cloud Security Engineer
  • Topic 1 Question 303

    There is a threat actor that is targeting organizations like yours. Attacks are always initiated from a known IP address range. You want to deny-list those IPs for your website, which is exposed to the internet through an Application Load Balancer. What should you do?

    • Create a Cloud Armor policy with a deny-rule for the known IP address range. Attach the policy to the backend of the Application Load Balancer.

    • Activate Identity-Aware Proxy for the backend of the Application Load Balancer. Create a firewall rule that only allows traffic from the proxy to the application.

    • Create a log sink with a filter containing the known IP address range. Trigger an alert that detects when the Application Load Balancer is accessed from those IPs.

    • Create a Cloud Firewall policy with a deny-rule for the known IP address range. Associate the firewall policy to the Virtual Private Cloud with the application backend.

