Exam4Training

What should you do?

Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.

What should you do?
A . Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing
service.

B . Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
C . Create a VPC Service Control Perimeter that blocks all traffic except for the traffic-scrubbing service.
D . Create IP Tables firewall rules that block all traffic except for the traffic-scrubbing service.

Answer: A

Explanation:

Global load balancer will proxy the connection. thus no trace of session origin IP. you should use Cloud Armor to geofence your service.

https://cloud.google.com/load-balancing/docs/https

Exit mobile version