Security Design — GCP PCA Practice Question 28

How to approach this question

Identify the GCP service that provides Layer 7 Web Application Firewall (WAF) protection.

Full Answer

C.Configure Cloud Armor with preconfigured WAF rules for SQLi and rate limiting.✓ Correct

Google Cloud Armor is GCP's DDoS protection and WAF service. It sits at the edge of Google's network (attached to the Load Balancer) and can inspect incoming requests for common vulnerabilities (OWASP Top 10) like SQLi and XSS, dropping malicious traffic before it reaches your application.

Common mistakes

Choosing VPC Firewall rules (A), which cannot inspect Layer 7 HTTP traffic.

Your web application is deployed behind a Global HTTP(S) Load Balancer. You are experiencing a Layer 7 DDoS attack, specifically a flood of HTTP GET requests from various IP addresses attempting to exploit a SQL injection vulnerability. How should you mitigate this?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 6

More questions from this exam