Complete the code to create a Cloud Armor security policy.
gcloud compute security-policies create [1] --description="Block bad traffic"
The command creates a Cloud Armor security policy named my-security-policy.
Complete the code to add a rule to block traffic from a specific IP address.
gcloud compute security-policies rules create 100 --security-policy [1] --expression="origin.ip == '203.0.113.1'" --action=deny-403
The rule is added to the Cloud Armor security policy named my-security-policy.
Fix the error in the command to apply the security policy to a backend service.
gcloud compute backend-services update [1] --security-policy my-security-policy --globalThe backend service named my-backend-service is the correct target for applying the security policy.
Fill both blanks to create a rule that allows traffic only from a specific country.
gcloud compute security-policies rules create 200 --security-policy [1] --expression="origin.region_code == '[2]'" --action=allow
The rule allows traffic only from the country with region code US in the security policy my-security-policy.
Fill all three blanks to create a rule that blocks SQL injection attempts.
gcloud compute security-policies rules create 300 --security-policy [1] --expression="evaluatePreconfiguredExpr('[2]')" --action=[3]
This rule uses the preconfigured SQL injection expression sqli-v33-stable to block attacks by returning a 403 error in the my-security-policy.