Free Google Professional Cloud Network Engineer Actual Exam Questions - Question 2 Discussion
You discover that Google Cloud Armor is incorrectly blocking some traffic to your application. You
need to identify the web application firewall (WAF) rule that is incorrectly blocking traffic. What
should you do?
Not D, audit logs only record changes, not live blocking info. A seems best because firewall logs pinpoint the exact WAF rule causing the block, which helps directly identify the issue.
A/B? A directly shows which WAF rule blocked traffic, but B’s load balancer logs can also help trace request paths. VPC Flow Logs in C don’t show WAF details, and D’s audit logs track config changes, not blocking events.
Not C, VPC Flow Logs track network flows, not WAF rules causing blocks.
It’s A—firewall logs show the exact WAF rule blocking traffic, unlike general audit logs.
B/D? Load Balancing logs give detailed request context, audit logs might just show block events.
B tbh makes sense too because HTTP(S) Load Balancing logs include request details and Cloud Armor decisions, so you can see which WAF rule triggered the block with full context on the traffic.
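For reference on what those load balancer log entries actually look like when Cloud Armor is involved: the decision is written into the external HTTP(S) load balancer request log entry under jsonPayload.enforcedSecurityPolicy (name, priority, configuredAction, outcome, and preconfiguredExprIds for preconfigured WAF rule hits), with jsonPayload.previewSecurityPolicy carrying the same fields for a rule that is only in preview mode. The script below is an added example, not code from the exam page or from Google; the log entries in it are constructed samples with the same field layout, and the policy and rule IDs in them are made up for illustration.

```python
"""Find which Cloud Armor rule is denying requests, from exported LB request logs."""
from collections import Counter

# Real Cloud Logging filter syntax for pulling only the denied requests, e.g.
#   gcloud logging read 'resource.type="http_load_balancer" AND
#     jsonPayload.enforcedSecurityPolicy.outcome="DENY"' --format=json
DENIED_FILTER = (
    'resource.type="http_load_balancer" '
    'AND jsonPayload.enforcedSecurityPolicy.outcome="DENY"'
)

# Constructed sample entries (not from a real project), trimmed to the fields read below.
SAMPLE_ENTRIES = [
    {  # blocked by a preconfigured SQLi WAF rule at priority 1000
        "httpRequest": {"requestUrl": "https://app.example.com/search?q=1%27%20OR%201%3D1",
                        "remoteIp": "203.0.113.10", "status": 403},
        "jsonPayload": {"statusDetails": "denied_by_security_policy",
                        "enforcedSecurityPolicy": {
                            "name": "prod-web-policy", "priority": 1000,
                            "configuredAction": "DENY", "outcome": "DENY",
                            "preconfiguredExprIds": ["owasp-crs-v030001-id942100-sqli"]}},
    },
    {  # allowed by the default (lowest priority) rule
        "httpRequest": {"requestUrl": "https://app.example.com/", "remoteIp": "203.0.113.11", "status": 200},
        "jsonPayload": {"statusDetails": "response_sent_by_backend",
                        "enforcedSecurityPolicy": {
                            "name": "prod-web-policy", "priority": 2147483647,
                            "configuredAction": "ALLOW", "outcome": "ACCEPT"}},
    },
    {  # same SQLi rule, second client: a legitimate search query tripping the rule
        "httpRequest": {"requestUrl": "https://app.example.com/search?q=select+a+plan",
                        "remoteIp": "203.0.113.12", "status": 403},
        "jsonPayload": {"statusDetails": "denied_by_security_policy",
                        "enforcedSecurityPolicy": {
                            "name": "prod-web-policy", "priority": 1000,
                            "configuredAction": "DENY", "outcome": "DENY",
                            "preconfiguredExprIds": ["owasp-crs-v030001-id942100-sqli"]}},
    },
    {  # a different rule (XSS) at priority 500
        "httpRequest": {"requestUrl": "https://app.example.com/comment", "remoteIp": "203.0.113.13", "status": 403},
        "jsonPayload": {"statusDetails": "denied_by_security_policy",
                        "enforcedSecurityPolicy": {
                            "name": "prod-web-policy", "priority": 500,
                            "configuredAction": "DENY", "outcome": "DENY",
                            "preconfiguredExprIds": ["owasp-crs-v030001-id941100-xss"]}},
    },
    {  # served, but a rule in preview mode would have denied it
        "httpRequest": {"requestUrl": "https://app.example.com/api/v1/items", "remoteIp": "198.51.100.7", "status": 200},
        "jsonPayload": {"statusDetails": "response_sent_by_backend",
                        "enforcedSecurityPolicy": {
                            "name": "prod-web-policy", "priority": 2147483647,
                            "configuredAction": "ALLOW", "outcome": "ACCEPT"},
                        "previewSecurityPolicy": {
                            "name": "prod-web-policy", "priority": 100,
                            "configuredAction": "DENY", "outcome": "DENY",
                            "preconfiguredExprIds": ["owasp-crs-v030001-id930100-lfi"]}},
    },
    {  # backend with no security policy attached: no Cloud Armor fields at all
        "httpRequest": {"requestUrl": "https://static.example.com/logo.png", "remoteIp": "203.0.113.14", "status": 200},
        "jsonPayload": {"statusDetails": "response_sent_by_backend"},
    },
]


def denied_entries(entries):
    """Entries whose enforced Cloud Armor policy returned a DENY outcome."""
    return [e for e in entries
            if e.get("jsonPayload", {}).get("enforcedSecurityPolicy", {}).get("outcome") == "DENY"]


def blocking_rules(entries):
    """Count denied requests per (policy name, rule priority, preconfigured WAF signature IDs).

    The priority identifies the rule; the expression IDs tell you which CRS signature
    inside a preconfigured WAF rule actually matched, which is what you tune or exclude.
    """
    counts = Counter()
    for e in denied_entries(entries):
        p = e["jsonPayload"]["enforcedSecurityPolicy"]
        counts[(p["name"], p["priority"], tuple(p.get("preconfiguredExprIds", [])))] += 1
    return counts


def preview_would_deny(entries):
    """Requests that were served but that a preview-mode rule would have blocked."""
    return [e for e in entries
            if e.get("jsonPayload", {}).get("previewSecurityPolicy", {}).get("outcome") == "DENY"]


def describe_rule_command(policy, priority):
    """The gcloud command to inspect the offending rule once its priority is known."""
    return f"gcloud compute security-policies rules describe {priority} --security-policy={policy}"


if __name__ == "__main__":
    for (policy, prio, exprs), n in blocking_rules(SAMPLE_ENTRIES).most_common():
        print(f"{n} denied  policy={policy} priority={prio} signatures={list(exprs)}")
        print("  inspect with:", describe_rule_command(policy, prio))
    for e in preview_would_deny(SAMPLE_ENTRIES):
        p = e["jsonPayload"]["previewSecurityPolicy"]
        print(f"preview hit: {e['httpRequest']['remoteIp']} would be denied by priority {p['priority']}")
```

In practice you would feed this the JSON from `gcloud logging read` with the filter above instead of the embedded samples. The preview check is the safe way to test a fix: set the suspect rule (or its replacement) to preview mode, confirm from previewSecurityPolicy that it stops matching the legitimate traffic, and only then enforce it.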
A, since firewall logs specifically identify the exact WAF rule causing the block.
A Firewall logs give detailed info on Cloud Armor actions and the exact rule causing blocks, so it's the best way to pinpoint which WAF rule is the issue without sifting through unrelated data.
Option A makes the most sense here because firewall logs are tailored to capture detailed information about Cloud Armor decisions, including which specific WAF rule triggered the block. Unlike general audit logs or load balancer logs, these are focused on security policy enforcement, so they’ll give clearer insight into the problem without sifting through unrelated data. Option D sounds close but audit logs might not give the same granular detail on each blocked request as firewall logs do.
A. Firewall logs are specifically designed to show details about blocked traffic in Cloud Armor, so they’d directly highlight which WAF rule caused the block without extra noise.
D imo, enabling Google Cloud Armor audit logs seems the most direct way to figure out which WAF rule is blocking traffic since it logs all the policy decisions. The other logging options are more general and might not show specific WAF rule hits clearly. Still kinda annoying that they make you jump through hoops to find the exact rule though. Anyone else find this question vague?