Your application is deployed as a highly available cross-region solution behind a global external HTTP(S) load balancer. You notice significant spikes in traffic from multiple IP addresses but it is unknown whether the IPs are malicious. You are concerned about your application's availability. You want to limit traffic from these clients over a specified time interval.
What should you do?

• A.Configure a firewall rule in your VPC to throttle traffic from the identified IP addresses.
• B.Configure a rate_based_ban action by using Google Cloud Armor and set the ban_duration_sec parameter to the specified time interval.
• C.Configure a throttle action by using Google Cloud Armor to limit the number of requests per client over a specified time interval.
• D.Configure a deny action by using Google Cloud Armor to deny the clients that issued too many requests over the specified time interval.

Comment: *

Name: *

Email: *

Verification: *

A company has redundant mail servers in different Google Cloud Platform regions and wants to route customers to the nearest mail server based on location.
How should the company accomplish this?

• A.Configure TCP Proxy Load Balancing as a global load balancing service listening on port 995.
• B.Create a Network Load Balancer to listen on TCP port 995 with a forwarding rule to forward traffic based on location.
• C.Use Cross-Region Load Balancing with an HTTP(S) load balancer to route traffic to the nearest region.
• D.Use Cloud CDN to route the mail traffic to the closest origin mail server based on client IP address.

Comment: *

Name: *

Email: *

Verification: *

A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack.
Which solution should this customer use?

• A.VPC Flow Logs
• B.Cloud Armor
• C.DNS Security Extensions
• D.Cloud Identity-Aware Proxy

Comment: *

Name: *

Email: *

Verification: *

You are on your company's development team. You noticed that your web application hosted in staging on GKE dynamically includes user data in web pages without first properly validating the inputted dat a. This could allow an attacker to execute gibberish commands and display arbitrary content in a victim user's browser in a production environment.
How should you prevent and fix this vulnerability?

• A.Use Cloud IAP based on IP address or end-user device attributes to prevent and fix the vulnerability.
• B.Set up an HTTPS load balancer, and then use Cloud Armor for the production environment to prevent the potential XSS attack.
• C.Use Web Security Scanner to validate the usage of an outdated library in the code, and then use a secured version of the included library.
• D.Use Web Security Scanner in staging to simulate an XSS injection attack, and then use a templating system that supports contextual auto-escaping.

Comment: *

Name: *

Email: *

Verification: *

You will create a new Service Account that should be able to list the Compute Engine instances in the project. You want to follow Google-recommended practices.
What should you do?

• A.Create a custom role with the permission compute.instances.list and grant the Service Account this role.
• B.Give the Service Account the role of Compute Viewer, and use the new Service Account for all instances.
• C.Give the Service Account the role of Project Viewer, and use the new Service Account for all instances.
• D.Create an Instance Template, and allow the Service Account Read Only access for the Compute Engine Access Scope.

Comment: *

Name: *

Email: *

Verification: *