Topic 1 Question 6
A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer's internal compliance requirements dictate that end- user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP's native SYN flood protection. Which product should be used to meet these requirements?
Cloud Armor
VPC Firewall Rules
Cloud Identity and Access Management
Cloud CDN
解説
ユーザの投票
コメント(17)
Answer is A
👍 13KILLMAD2020/03/09- 正解だと思う選択肢: A
If there were at least a L4 load balancer in the picture, I'd vote for B, since then the LB would take care of "GCP's native SYN flood protection", also considering that "The customer accepts the risk that their application will only have SYN flood DDoS protection.".
With cloud armor I guess they get more protection that required on the question, but it seems to be the only entry that fulfills the requirements
👍 3ThisisJohn2021/12/21 - 正解だと思う選択肢: B
See here: https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf DDoS Protection by enabling Proxy-based Load Balancing ○ When you enable HTTP(S) Load Balancing or SSL proxy Load Balancing, Google infrastructure mitigates and absorbs many Layer 4 and below attacks, such as SYN floods, IP fragment floods, port exhaustion, etc. ○ If you have HTTP(S) Load Balancing with instances in multiple regions, you are able to disperse your attack across instances around the globe.
👍 3Jeanphi722022/08/04
シャッフルモード