Professional Cloud Architect Exam - Question 205

Question

For this question, refer to the Helicopter Racing League (HRL) case study. Recently HRL started a new regional racing league in Cape Town, South Africa. In an effort to give customers in Cape Town a better user experience, HRL has partnered with the Content Delivery Network provider, Fastly. HRL needs to allow traffic coming from all of the Fastly IP address ranges into their Virtual Private Cloud network (VPC network). You are a member of the HRL security team and you need to configure the update that will allow only the Fastly IP address ranges through the External HTTP(S) load balancer. Which command should you use?

A.

B.

C.

D.

Examice · Accepted Answer

To allow traffic coming from all of the Fastly IP address ranges through the External HTTP(S) load balancer, you should use a security policy managed by Google Cloud Armor. The correct command should include the evaluation of the preconfigured expression to match the source IP addresses of Fastly. Here is the correct command: gcloud compute security-policies rules update 1000 --security-policy hlr-policy --expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" --action "allow". This command ensures that only the specified IP ranges from Fastly are allowed through the load balancer.

technodev · Answer

Got this question in my exam, answered D

elrizos · Answer

Is D:
In the GCP doc can see the same example
https://cloud.google.com/armor/docs/configure-security-policies#gcloud_11
"gcloud compute security-policies rules create 1000 \
    --security-policy my-policy \
    --expression "evaluatePreconfiguredExpr('sourceiplist-fastly')" \
    --action "allow"
"

hashi · Answer

I got this question in March 2024.  
As someone pointed out answers are reworked. 
Instead of asking for the command, the choices were given in wordings - something like the below. (Not the exact words)
A. Create Cloud Armor Security Policy with the source ip ranges.
B. Create Cloud Armor Security Policy with the source ip list
C. Create firewall rule to allow source ip list
D. Create firewall rule to allow source ip range

Based on the answers for this question I went with "Create Cloud Armor Security Policy with the source ip list"

BeCalm · Answer

Why is no vote being allowed on this question?

rr4444 · Answer

D, def not A

D is shown at https://cloud.google.com/armor/docs/configure-security-policies#use-console-gcloud

BiddlyBdoyng · Answer

A. Looks like it opens to all IPs

B. Incorrect syntax "ACTION must be one of: allow, deny, goto_next."

C. Incorrect syntax "ACTION must be one of: allow, deny, goto_next."

D.  Assuming the preconfigured expression is good then its right.

didek1986 · Answer

D for sure

odacir · Answer

D -> https://cloud.google.com/armor/docs/configure-security-policies#create-rules

LaxmanTiwari · Answer

answer is D

MahAli · Answer

I guess D

gun123 · Answer

D is the ans

didek1986 · Answer

D d d d

Pime13 · Answer

D is the solution

d0094d6 · Answer

should be D

VidhyaBupesh · Answer

D is right

dija123 · Answer

Totally agree with D

researched_answer_boi · Answer

(D), or "Create Cloud Armor Security Policy with the source ip list" (considering @hashi's comment) looks correct.
https://codelabs.developers.google.com/codelabs/cloud-cloudarmor#0

Professional Cloud Architect Exam - Question 205

Discussion