Q: 10
Your company has just launched a new critical revenue-generating web application. You deployed the
application for scalability using managed instance groups, autoscaling, and a network load balancer
as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the
maximum number of instances, and users of your application cannot complete transactions. After an
investigation, you think it as a DDOS attack. You want to quickly restore user access to your
application and allow successful transactions while minimizing cost.
Which two steps should you take? (Choose two.)
Options
Discussion
I don’t think E helps much, B and A make more sense. B increases your backend to handle the burst, A uses Cloud Armor to block malicious IPs and reduce load. Pretty sure that’s the fastest combo to restore access, though A might not catch everything in a big DDOS. Feel free to disagree if you see it differently.
Classic Google exam trick here, always go with the quick scaling (B) and logs (E) when it screams "urgent restore" on a DDoS. Option B and E.
Option B and E seem right. B makes sense because bumping up autoscaling max is an immediate way to restore access, even though it can get pricey. E helps pin down if it's really a DDoS before you roll out other fixes, especially since IP blacklisting (A) isn’t super useful with distributed attacks. Pretty sure about this, but if anyone thinks A is better here for urgent response, let me know.
Probably B and E. A is a trap since just blacklisting IPs won't work well if the attacker uses many sources.
encountered exactly similar question in my exam, on practice tests. Does official documentation or study guide specifically mention using B and E together for urgent DDoS recovery, or is there a better combo noted in Google’s prep materials?
B and E. B gives you capacity right away, E helps confirm it’s actually a DDoS. Open to better ideas.
Maybe A for sure, blocking the attacker IPs with Cloud Armor should drop bad traffic fast.
Its B and E. A is tempting but not effective against large DDoS since attacker IPs rotate a lot.
B . Increasing autoscaling max (B) restores access fast, while looking at logs (E) helps confirm it was actually a DDoS and not a config issue. A is tempting but blacklisting isn’t super practical for big DDoS, IPs change fast. Open to disagreement if I missed something.
B and E for me. Blacklisting (A) might sound good but on a large DDoS, it's usually useless since attacker IPs are super dynamic. B gives instant capacity, E helps confirm attack details. Pretty sure that's what the exam looks for here.
Be respectful. No spam.
