Q: 1
Your application is deployed as a highly available cross-region solution behind a global external
HTTP(S) load balancer. You notice significant spikes in traffic from multiple IP addresses but it is
unknown whether the IPs are malicious. You are concerned about your application's availability. You
want to limit traffic from these clients over a specified time interval.
What should you do?
Options
Discussion
Nah, C just throttles but doesn't actually block the spike, it's A that fully bans for that set interval.
C vs A, but leaning A based on official guide and labs for this scenario.
Careful on this, Cloud Armor's rate_based_ban (A) actually blocks IPs fully for a set period if they exceed the limit, but throttle (C) just slows them. Seen similar in exam reports where picking C is wrong, since it doesn't guarantee protection if someone's flooding hard. A is the only option that truly limits traffic by blocking, not just delaying. Agree?
A is right here.
Option C
Why not throttle with option C instead of a full ban? Throttle just slows but doesn’t block outright.
So are we sure "throttle" in option C just slows traffic, not a hard block? Had something like this in a mock and only rate_based_ban (A) actually enforces a full ban on clients for the set interval. Firewall rules (D) wouldn’t apply at this layer, and deny (B) is too manual for unknown IPs. Anyone get a different behavior in labs?
This is definitely A. Rate_based_ban with ban_duration_sec in Cloud Armor gives you the actual automatic blocking of abusive IPs for a set window, which is exactly what you'd want to maintain availability during big traffic spikes from unknown sources. Throttling (C) only slows requests but doesn't cut off a flood entirely. Pretty sure that's the intent here, unless I'm missing something.
Yeah, A makes sense for this. Rate_based_ban in Cloud Armor actually blocks those IPs for a set time, which is what you want to protect availability during spikes. Throttle just slows requests, doesn't fully block. Pretty sure it's A, correct me if I'm off.
C or A
But I think A is what actually bans the offending IPs for that duration, while C just slows them down. Seen some practice questions that try to trip you up with "throttle" wording.
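The two Cloud Armor rate-limiting actions debated in this thread, throttle and rate_based_ban, compared on one client's request timeline. This is an added Python example, not part of the original page and not Google's implementation. It assumes a simplified fixed-window counter per client IP; the class, function names, and timeline are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class RateLimit:
    threshold_count: int        # requests allowed per interval for one client key
    interval_sec: int           # length of the counting window
    ban_duration_sec: int = 0   # used only by rate_based_ban

def simulate(action, limit, arrivals):
    """Return 'allow'/'deny' per request for one client IP.

    arrivals: sorted request times in seconds. Simplified fixed-window model
    (an assumption; the real service's counting is not reproduced here).
    """
    window_start, count, banned_until = None, 0, -1
    decisions = []
    for t in arrivals:
        # rate_based_ban: while the ban is active, every request is denied.
        if action == "rate_based_ban" and t < banned_until:
            decisions.append("deny")
            continue
        # Start a new counting window once the previous one has elapsed.
        if window_start is None or t >= window_start + limit.interval_sec:
            window_start, count = t, 0
        count += 1
        if count <= limit.threshold_count:
            decisions.append("allow")
            continue
        # Over the threshold: both actions deny this request ...
        decisions.append("deny")
        # ... but only rate_based_ban keeps denying after the window resets.
        if action == "rate_based_ban":
            banned_until = t + limit.ban_duration_sec
    return decisions

# Constructed timeline: a burst of five requests, then three slower ones.
ARRIVALS = [0, 1, 2, 3, 4, 12, 30, 70]
LIMIT = RateLimit(threshold_count=3, interval_sec=10, ban_duration_sec=60)

if __name__ == "__main__":
    for action in ("throttle", "rate_based_ban"):
        print(f"{action:15}", list(zip(ARRIVALS, simulate(action, LIMIT, ARRIVALS))))
```

In this model the throttled client is served again as soon as the next window opens (t=12), while the banned client stays denied until the ban expires at t=63.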