Cloud Armor MCQ Questions and Answers

Mastering Cloud Armor is crucial for cloud certification success. This dedicated practice set features 219 Cloud Armor MCQ questions and answers designed to mirror real exam scenarios across various GCP certifications.

📝 219 Questions⏱️ 90 min🎯 Pass: 70%

About Cloud Armor Practice Questions

This detailed quiz focuses on Cloud Armor, covering key concepts and scenarios often found in GCP exams.

  • Comprehensive coverage of Cloud Armor features.
  • Scenario-based questions testing design and troubleshooting skills.
  • Detailed explanations to reinforce learning.

All 219 Cloud Armor Questions

Browse through the complete list of questions and answers below. Use this resource to review specific concepts or check your understanding of Cloud Armor.

1

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
2

What is Google Cloud Armor?

A web application firewall (WAF) and DDoS protection service
A physical vest for data center security guards
A tool for encrypting hard drives
A search engine for security vulnerabilities
View Explanation
✓ Correct Answer: A web application firewall (WAF) and DDoS protection serviceExplanation:Cloud Armor protects your applications and websites from denial-of-service and web attacks.
3

Which Google Cloud service does Cloud Armor primarily protect?

HTTP(S) Load Balancing
Cloud SQL
Cloud Storage buckets directly
IAM
View Explanation
✓ Correct Answer: HTTP(S) Load BalancingExplanation:Cloud Armor rules are applied at the edge of Google's network, protecting load-balanced backends.
4

What is a 'Security Policy' in Cloud Armor?

A set of rules that allow or deny traffic based on attributes like IP address, geographical location, or pre-configured WAF rules
A document signed by the CEO
A list of developers with access to the console
A manual for physical security
View Explanation
✓ Correct Answer: A set of rules that allow or deny traffic based on attributes like IP address, geographical location, or pre-configured WAF rulesExplanation:Security policies contain the logic for how Cloud Armor filters traffic.
5

Which Cloud Armor feature provides world-class protection against SQL injection (SQLi) and Cross-Site Scripting (XSS)?

Pre-configured WAF rules
Cloud SQL integration
Managed Identities
VPC Service Controls
View Explanation
✓ Correct Answer: Pre-configured WAF rulesExplanation:Google provides pre-configured rules based on industry standards to stop common web attacks.
6

Can Cloud Armor block traffic from whole countries or regions?

Yes, using geo-location based filtering
No, it only works with IP addresses
Only if using a VPN
Only for non-Google projects
View Explanation
✓ Correct Answer: Yes, using geo-location based filteringExplanation:Geo-location rules allow you to allow or deny traffic based on the user's geographic origin.
7

What is the primary benefit of 'Adaptive Protection' in Cloud Armor?

It uses machine learning to automatically detect and alert on anomalous traffic patterns and potential layer 7 DDoS attacks
It automatically increases the size of your VMs during an attack
It makes your website run faster for all users
It automatically pays for your AWS bill
View Explanation
✓ Correct Answer: It uses machine learning to automatically detect and alert on anomalous traffic patterns and potential layer 7 DDoS attacksExplanation:Adaptive protection provides intelligence-based defense against complex attacks.
8

Does Cloud Armor provide protection against Layer 3 and 4 DDoS attacks?

Yes, it provides always-on infrastructure protection
No, it is only for Layer 7
Only if you use a Third-party tool
Only for internal VPC traffic
View Explanation
✓ Correct Answer: Yes, it provides always-on infrastructure protectionExplanation:Cloud Armor leverages Google's massive network capacity to absorb large-scale network attacks.
9

What is 'Bot Management' in the context of Google Cloud Armor?

Integration with reCAPTCHA Enterprise to identify and block malicious bots while allowing good bots (like search engine crawlers)
A tool for creating your own bots
A way to manage your Discord bots
A list of Google employees who are bots
View Explanation
✓ Correct Answer: Integration with reCAPTCHA Enterprise to identify and block malicious bots while allowing good bots (like search engine crawlers)Explanation:Bot management helps protect against automated attacks like credential stuffing and scraping.
10

Where do you view the logs of which requests were blocked by Cloud Armor?

Cloud Logging
Cost Management
Anthos
Active Assist
View Explanation
✓ Correct Answer: Cloud LoggingExplanation:Cloud Armor logs detailed information about matched rules to Cloud Logging.
11

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
12

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Security Command Center
Cloud Identity
Cloud Armor
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
13

Which service provides protection against Distributed Denial of Service (DDoS) attacks for applications behind a Google Cloud Load Balancer?

Cloud Armor
Identity-Aware Proxy (IAP)
Cloud Identity
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor is GCP's WAF and DDoS protection service.
14

Can Cloud Armor block specific IP addresses from accessing your web server?

Yes, using IP blocklists in a security policy
No, it only blocks whole countries
Only if the user is using a VPN
Only for non-Google accounts
View Explanation
✓ Correct Answer: Yes, using IP blocklists in a security policyExplanation:IP-based filtering is a standard feature of Cloud Armor.
15

How does Cloud Armor handle SQL injection attacks?

By using pre-configured WAF rules that detect and block malicious request patterns
By encrypting the database
By alerting the database administrator after the attack happens
Cloud Armor cannot detect SQL injection
View Explanation
✓ Correct Answer: By using pre-configured WAF rules that detect and block malicious request patternsExplanation:WAF rules provide proactive protection against common application-layer attacks.
16

Is Cloud Armor an 'Edge' service or a 'Regional' service?

Edge (it operates at the global points of presence nearest to the user)
Regional (it only works in one data center)
Zonal
Only available in the US
View Explanation
✓ Correct Answer: Edge (it operates at the global points of presence nearest to the user)Explanation:By operating at the edge, Cloud Armor can stop attacks before they reach your infrastructure.
17

What is 'Adaptive Protection' in Google Cloud Armor?

A machine learning-based feature that automatically detects and mitigates complex DDoS attacks
A way to automatically resize your CPUs during an attack
A service that makes your website run faster
A tool for fixing physical server armor
View Explanation
✓ Correct Answer: A machine learning-based feature that automatically detects and mitigates complex DDoS attacksExplanation:Adaptive protection provides intelligence that helps catch attacks that don't match simple rules.
18

Which Google service integrates with Cloud Armor to provide challenge-based bot protection (e.g., puzzles for humans)?

reCAPTCHA Enterprise
Identity Platform
Cloud Watch
Firebase Auth
View Explanation
✓ Correct Answer: reCAPTCHA EnterpriseExplanation:reCAPTCHA integration helps distinguish between real users and automated bots.
19

Can you use Cloud Armor to protect backends that are NOT on Google Cloud?

Yes, if they are reachable through a Google Cloud Load Balancer (via Hybrid NEGs)
No, it is strictly for GCE and GKE
Only if they are on AWS
Only for non-commercial projects
View Explanation
✓ Correct Answer: Yes, if they are reachable through a Google Cloud Load Balancer (via Hybrid NEGs)Explanation:GCP load balancing can front-end services running anywhere.
20

How do you apply a Cloud Armor policy to your application?

By attaching the security policy to an HTTP(S) Load Balancer backend service
By installing an agent on the VM
By changing the DNS records of your site
By rebooting the server
View Explanation
✓ Correct Answer: By attaching the security policy to an HTTP(S) Load Balancer backend serviceExplanation:The security policy is enforced by the load balancer infrastructure.
21

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
22

Which Google Cloud service provides Web Application Firewall (WAF) and DDoS mitigation for applications behind an HTTP(S) load balancer?

Google Cloud Armor
Cloud Firewall
Cloud IDS
Identity-Aware Proxy
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Cloud Armor protects against Layer 7 attacks like SQL injection and Cross-Site Scripting (XSS).
23

What is a 'Security Policy' in Cloud Armor?

A set of rules that allow or deny traffic based on IP addresses, geographical locations, or custom expressions
A legal agreement
A list of developers
A configuration for the VPC
View Explanation
✓ Correct Answer: A set of rules that allow or deny traffic based on IP addresses, geographical locations, or custom expressionsExplanation:Security policies are attached to backend services of a load balancer.
24

Which Cloud Armor feature provides built-in protection against common web vulnerabilities defined by the OWASP Top 10?

Preconfigured WAF rules
Adaptive Protection
IP Allow-listing
Standard Managed Rules
View Explanation
✓ Correct Answer: Preconfigured WAF rulesExplanation:These rules simplify the deployment of a robust WAF defense.
25

What is 'Adaptive Protection' in Cloud Armor?

A feature that uses machine learning to detect and mitigate anomalous traffic patterns and Layer 7 DDoS attacks
A way to automatically scale the backend servers
A tool that translates code
A security scan of the source code
View Explanation
✓ Correct Answer: A feature that uses machine learning to detect and mitigate anomalous traffic patterns and Layer 7 DDoS attacksExplanation:Adaptive protection provides 'always-on' intelligent security that evolves with the threat landscape.
26

Can Cloud Armor be used to block traffic from an entire country?

Yes, by using 'Geo-based' filtering in a security policy
No
Only if using a separate VPN
Only in the Premium tier
View Explanation
✓ Correct Answer: Yes, by using 'Geo-based' filtering in a security policyExplanation:Geo-filtering helps comply with legal restrictions or target specific attack origins.
27

What does a 'Bot Management' policy in Cloud Armor do?

It distinguishes between legitimate human traffic and automated bots, allowing you to block, rate-limit, or challenge (reCAPTCHA) bots
It creates a new chatbot for you
It monitors the performance of your bots
It deletes malicious bots from your server
View Explanation
✓ Correct Answer: It distinguishes between legitimate human traffic and automated bots, allowing you to block, rate-limit, or challenge (reCAPTCHA) botsExplanation:Bot management is critical for preventing scraping, credential stuffing, and other automated abuse.
28

Which Cloud Armor rule action would you use to slow down a user who is making too many requests, instead of blocking them entirely?

Rate Limiting
Deny
Allow
Throttle
View Explanation
✓ Correct Answer: Rate LimitingExplanation:Rate limiting protects your application from being overwhelmed by a single client.
29

What is the difference between Cloud Armor 'Standard' and 'Managed Protection Plus'?

Managed Protection Plus includes curated rules, adaptive protection, and DDoS cost protection; Standard is a pay-as-you-go basic WAF
Plus is only for government entities
Standard does not support IP blocking
There is no difference in features, only in support
View Explanation
✓ Correct Answer: Managed Protection Plus includes curated rules, adaptive protection, and DDoS cost protection; Standard is a pay-as-you-go basic WAFExplanation:The 'Plus' tier is an enterprise subscription model with significant additional protections.
30

Is Cloud Armor an 'Edge' service or a 'VPC' service?

Edge service; protection is enforced at Google's global points of presence before the traffic reaches the VPC
VPC service
Computer-level service
On-premises service
View Explanation
✓ Correct Answer: Edge service; protection is enforced at Google's global points of presence before the traffic reaches the VPCExplanation:Enforcing security at the edge reduces the impact on your cloud infrastructure.
31

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
32

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Secret Manager
Cloud IAM
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
33

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
34

A company wants to ensure that its public-facing API is protected against SQL injection, cross-site scripting (XSS), and common bot attacks. Which service provides these web application firewall (WAF) capabilities?

Google Cloud Armor
VPC Firewall
Cloud IDS
IAP
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Cloud Armor includes pre-configured WAF rules (WAF-as-a-service) to protect against the OWASP Top 10 and other L7 attacks.
35

Your company is running a massive e-commerce site on GCE with a global HTTP(S) LB. During a promotional event, you suspect a bot-driven L7 DDoS attack. What is the fastest way to respond and block the malicious traffic patterns?

Analyze logs and create a Cloud Armor Security Policy rule
Shut down the load balancer
Change the IP address of the backend VMs
Update VPC firewall rules
View Explanation
✓ Correct Answer: Analyze logs and create a Cloud Armor Security Policy ruleExplanation:Cloud Armor allows you to create and apply security policies in real-time, including blocking specific IP ranges, geographic regions, or patterns matching malicious bot traffic.
36

What is the primary way to protect a Cloud Run service from large-scale L7 DDoS attacks while still allowing legitimate global traffic?

Deploy an HTTP(S) Load Balancer in front of Cloud Run and enable Cloud Armor
Restrict access via IAM only
Increase the number of instances
Use a VPC firewall rule
View Explanation
✓ Correct Answer: Deploy an HTTP(S) Load Balancer in front of Cloud Run and enable Cloud ArmorExplanation:Cloud Run integrates with the HTTP(S) Global Load Balancer, which allows you to apply Cloud Armor security policies at the edge to block malicious traffic.
37

You are hosting a web application on GCE with a global load balancer. You suspect a Layer 7 DDoS attack targeting a specific URL path. What is the fastest way to mitigate the attack?

Create a Cloud Armor security rule to block the specific URL path
Reboot the VMs
Change the IP address of the load balancer
Update the DNS records
View Explanation
✓ Correct Answer: Create a Cloud Armor security rule to block the specific URL pathExplanation:Cloud Armor security policies can be updated in real-time to block specific traffic patterns, protecting the backend from L7 attacks.
38

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
39

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud KMS
Cloud Armor
Identity-Aware Proxy (IAP)
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
40

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
41

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
42

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
43

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
44

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Google Cloud Armor
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
45

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
46

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
47

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
48

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
49

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
50

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
51

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud Identity
Cloud KMS
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
52

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
53

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud KMS
Cloud Armor
Identity-Aware Proxy (IAP)
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
54

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Configure Cloud IAM policies
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
55

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Identity
Cloud Armor
Cloud KMS
Cloud IAM
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
56

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
57

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud KMS
Cloud IAM
Cloud Armor
Cloud Identity
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
58

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
59

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Cloud Armor
Cloud Identity
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
60

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
61

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Virtual Private Cloud (VPC)
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
62

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
63

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
64

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
65

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
66

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
67

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
68

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Cloud Key Management Service
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
69

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
70

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
71

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Cloud Armor
Cloud Identity
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
72

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
73

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Identity
Security Command Center
Cloud Armor
Cloud IAM
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
74

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
75

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Identity-Aware Proxy (IAP)
Cloud Armor
Cloud Identity
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
76

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
77

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Cloud Identity
Cloud Armor
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
78

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
79

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud KMS
Secret Manager
Cloud IAM
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
80

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
81

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
82

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
83

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud Key Management Service
Cloud IAM
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
84

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
85

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
86

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
87

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
88

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
89

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
90

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
91

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Secret Manager
Cloud Armor
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
92

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
93

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud KMS
Security Command Center
Identity-Aware Proxy (IAP)
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
94

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
95

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Identity-Aware Proxy (IAP)
Secret Manager
Cloud IAM
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
96

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
97

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud KMS
Identity-Aware Proxy (IAP)
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
98

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
99

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Secret Manager
Cloud Armor
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
100

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
101

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
102

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
103

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
104

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
105

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
106

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
107

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
108

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
109

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
110

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
111

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Cloud KMS
Security Command Center
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
112

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
113

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Security Command Center
Cloud Identity
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
114

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
115

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud Armor
Cloud Identity
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
116

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
117

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Cloud Armor
Cloud Identity
Cloud IAM
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
118

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
119

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Cloud Armor
Cloud IAM
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
120

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Cloud Key Management Service
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
121

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
122

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
123

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
124

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
125

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
126

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
127

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
128

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
129

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
130

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
131

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Identity
Cloud IAM
Cloud Armor
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
132

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
133

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud IAM
Secret Manager
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
134

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
135

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud KMS
Cloud Identity
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
136

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
137

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Cloud Armor
Cloud Identity
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
138

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
139

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Secret Manager
Cloud Identity
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
140

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
141

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
142

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
143

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
144

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Virtual Private Cloud (VPC)
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
145

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Google Cloud Armor
Cloud IAM
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
146

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
147

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
148

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
149

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
150

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
151

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud KMS
Cloud IAM
Cloud Armor
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
152

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
153

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Identity
Cloud Armor
Cloud IAM
Identity-Aware Proxy (IAP)
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
154

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
155

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Identity
Cloud Armor
Identity-Aware Proxy (IAP)
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
156

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
157

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Cloud Armor
Security Command Center
Cloud Identity
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
158

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
159

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud KMS
Cloud Identity
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
160

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud Key Management Service
Cloud IAM
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
161

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
162

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
163

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
164

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
165

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
166

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
167

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
168

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Google Cloud Armor
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
169

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Virtual Private Cloud (VPC)
Cloud Key Management Service
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
170

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
171

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud IAM
Secret Manager
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
172

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
173

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Identity-Aware Proxy (IAP)
Cloud KMS
Secret Manager
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
174

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Configure Cloud IAM policies
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
175

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud Armor
Cloud IAM
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
176

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
177

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud IAM
Cloud Identity
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
178

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
179

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Identity-Aware Proxy (IAP)
Cloud Identity
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
180

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
181

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
182

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Virtual Private Cloud (VPC)
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
183

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
184

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud IAM
Cloud Key Management Service
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
185

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
186

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
187

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Virtual Private Cloud (VPC)
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
188

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
189

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Cloud Key Management Service
Google Cloud Armor
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
190

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Configure Cloud IAM policies
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
191

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud IAM
Cloud KMS
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
192

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
193

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud IAM
Cloud KMS
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
194

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
195

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Identity
Cloud Armor
Cloud IAM
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
196

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
197

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Cloud Identity
Cloud Armor
Secret Manager
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
198

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
199

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Security Command Center
Cloud Armor
Secret Manager
Cloud KMS
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
200

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Cloud IAM
Google Cloud Armor
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
201

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
202

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud Key Management Service
Cloud IAM
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
203

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
204

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
205

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Virtual Private Cloud (VPC)
Google Cloud Armor
Cloud IAM
Cloud Key Management Service
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
206

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
207

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Google Cloud Armor
Cloud IAM
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
208

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud Key Management Service
Virtual Private Cloud (VPC)
Cloud IAM
Google Cloud Armor
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
209

Your public-facing web application is under a Distributed Denial of Service (DDoS) attack. You need a managed service to detect and mitigate these attacks automatically. What should you enable?

Cloud IAM
Google Cloud Armor
Cloud Key Management Service
Virtual Private Cloud (VPC)
View Explanation
✓ Correct Answer: Google Cloud ArmorExplanation:Google Cloud Armor provides always-on detection and automatic inline mitigations to minimize application downtime and latency during a DDoS attack.
210

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
211

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Secret Manager
Cloud IAM
Cloud Armor
Cloud Identity
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
212

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

No, use Cloud Armor or equivalent for explicit deny rules
Yes, add a deny rule to VPC Firewall Rules
Use Google Cloud Armor
Configure Cloud IAM policies
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
213

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Cloud KMS
Secret Manager
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
214

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
Configure Cloud IAM policies
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
215

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud KMS
Secret Manager
Cloud Identity
Cloud Armor
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
216

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
217

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud Armor
Cloud Identity
Secret Manager
Security Command Center
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
218

You need to explicitly deny traffic from a specific IP address to your Google Compute Engine instances. Can VPC Firewall Rules natively handle explicit deny rules?

Configure Cloud IAM policies
Use Google Cloud Armor
Yes, add a deny rule to VPC Firewall Rules
No, use Cloud Armor or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Cloud Armor or equivalent for explicit deny rulesExplanation:VPC Firewall Rules typically support allow rules only. Cloud Armor support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
219

You need stateless firewall rules at the subnet level in your Virtual Private Cloud (VPC). What should you configure?

Cloud IAM
Cloud KMS
Cloud Armor
Cloud Identity
View Explanation
✓ Correct Answer: Cloud ArmorExplanation:Cloud Armor operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.