Free Google Professional Cloud Network Engineer Actual Exam Questions - Question 11 Discussion
addresses, and external access is granted through a global load balancer. You believe you have
identified a potential malicious actor, but aren't certain you have the correct client IP address. You
want to identify this actor while minimizing disruption to your legitimate users.
What should you do?
C/D but C is better since it avoids blocking any legit traffic before you’re certain.
C imo. Using VPC firewall logging without enforcement lets you gather evidence without blocking legit users, which fits the goal of minimal disruption better than immediate blocking options.
C/D? C seems safer since it logs without blocking, letting you confirm the IP without disturbing users. D could block too soon if you’re not 100% sure yet.
Option C lets you log and gather data without blocking, which seems less risky than preview mode.
Option C seems like a good call because VPC Firewall logging with enforcement disabled lets you gather data without blocking anyone, so you can confirm the suspicious IP before taking action.
Maybe B makes the most sense since preview mode lets you see the impact without actually blocking traffic, so you can confirm the attacker without affecting real users. That’s safer than enforcement right away.
B seems safest with preview mode before blocking anything.