When Google Cloud Armor detects a DDoS attack on your service, what is its primary behavior?
Think about how a protective filter works rather than stopping everything.
Cloud Armor uses security policies to filter traffic. It blocks harmful requests but lets good traffic through, keeping your service available during attacks.
Which best describes the purpose of Web Application Firewall (WAF) rules in Cloud Armor?
WAF rules look for harmful patterns in web requests.
WAF rules help Cloud Armor identify and block common web attacks by matching request patterns against known attack signatures.
You have a global web application hosted on Google Cloud with multiple backend regions. Which architecture best uses Cloud Armor to protect it?
Think about where traffic first enters your system globally.
Applying Cloud Armor on the global HTTP(S) Load Balancer filters traffic at the edge, protecting all backend regions efficiently.
If a Cloud Armor security policy contains two rules that both match the same IP address but have different actions (one ALLOW, one DENY), what is the effective action?
Consider how rule priority affects decision making.
Cloud Armor evaluates rules by priority. The first rule that matches the request determines the action, so order matters.
To reduce false positives while using Cloud Armor's WAF rules on a critical web application, which practice is best?
Think about how to safely test rules before blocking traffic.
Starting in monitoring mode lets you see what would be blocked without affecting users. You can tune rules to reduce false positives before enforcing blocking.