Module 2: Protecting against Distributed Denial of Service Attacks (DDoS)
Looking for ‘Mitigating Security Vulnerabilities on Google Cloud Module 2 Answers’?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 2: Protecting against Distributed Denial of Service Attacks (DDoS) of Course 11: Mitigating Security Vulnerabilities on Google Cloud – Preparing for Google Cloud Certification: Cloud Security Engineer Professional Certificate.
Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!
Protecting against DDoS Attacks
Graded Assignment
1. Choose the FOUR correct DDoS Mitigation Layers from the list below.
- Ping Report
- Botnet Detection API
- Internal Traffic ✅
- CDN Offloading ✅
- Load Balancing ✅
- Attack Surface ✅
- Google Cloud Blocklist
Explanation:
- Attack Surface – Reducing the number of exposed services limits what attackers can target.
- CDN Offloading – Caches static content closer to users, reducing load on your origin infrastructure.
- Internal Traffic – Isolating internal traffic helps prevent internal systems from being exposed.
- Load Balancing – Distributes incoming requests to prevent any one resource from becoming a bottleneck.
2. Choose from the list below which way Google Cloud helps mitigate the risk of DDoS for its customers.
- Internal capacity many times that of any traffic load we can anticipate. ✅
- Isolation servers are available with no external or internal access.
- Google Blocklist API is automatically included within each project.
- Google Cloud firewall rules rate limit the number of requests sent to VMs.
Explanation:
Google Cloud helps mitigate DDoS risk by leveraging its massive global infrastructure capacity, which can absorb and distribute unusually high traffic volumes.
3. Which TWO of the following statements is TRUE about Google Cloud Armor?
- Google Cloud Armor is a Ransomware defense service.
- Google Cloud Armor currently is not compatible with any third-party partner security products.
- Google Cloud Armor protection is delivered at the edge of Google’s network. ✅
- Google Cloud Armor enforces access control based on IPv4 and IPv6 addresses or CIDRs. ✅
Explanation:
- Google Cloud Armor is a Web Application Firewall (WAF) and DDoS protection solution.
- It operates at the network edge, before traffic hits your infrastructure.
- It supports IP-based allowlists/blocklists using IPv4/IPv6 or CIDR ranges.
Related contents:
You might also like:
Course 1: Preparing for Your Professional Cloud Security Engineer Journey
Course 2: Google Cloud Fundamentals: Core Infrastructure
Course 3: Networking in Google Cloud: Fundamentals
Course 4: Networking in Google Cloud: Routing and Addressing
Course 5: Networking in Google Cloud: Network Architecture
Course 6: Networking in Google Cloud: Network Security
Course 7: Networking in Google Cloud: Load Balancing
Course 8: Networking in Google Cloud: Hybrid and Multicloud
Course 9: Managing Security in Google Cloud
Course 10: Security Best Practices in Google Cloud
Course 12: Logging and Monitoring in Google Cloud
Course 13: Observability in Google Cloud
Course 14: Hands-On Labs in Google Cloud for Security Engineers