Your company has just launched a new critical revenue-generating web application.
You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend.
One day, you notice severe bursty traffic that caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions.
After an investigation, you think it is a DDoS attack.
You want to quickly restore user access to your application and allow successful transactions while minimizing cost.
Which two steps should you take? (Choose two.)
A. B. C. D. E.
BE.
Option A: Use Cloud Armor to blacklist the attacker's IP addresses. This option involves using Cloud Armor to create a blacklist rule that blocks traffic from the attacker's IP addresses. Cloud Armor is a service that provides security policies and protection for Google Cloud Platform (GCP) resources. By blacklisting the attacker's IP addresses, you can prevent them from accessing your application and reduce the load on your autoscaling group. This is a quick and cost-effective way to restore user access to your application and reduce the impact of the DDoS attack.
Option B: Increase the maximum autoscaling backend to accommodate the severe bursty traffic. This option involves increasing the maximum number of instances in your autoscaling group to accommodate the bursty traffic. By doing this, you can handle the increased traffic and reduce the impact of the DDoS attack. However, increasing the maximum number of instances can result in higher costs, especially if the traffic is not sustained over a longer period. Therefore, this option should be used with caution, and you should monitor your costs closely.
Option C: Create a global HTTP(S) load balancer and move your application backend to this load balancer. A global load balancer distributes traffic to multiple regions, which can help reduce the impact of a DDoS attack. By moving your backend to a global load balancer, you can distribute traffic more effectively and reduce the load on your autoscaling group. However, this option can be more complex and may require more time and resources to implement.
Option D: Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline. This option involves shutting down the entire application in GCP for a few hours. While this may stop the attack, it is not a viable solution for a critical revenue-generating web application. This option can result in significant revenue loss and damage to your business reputation.
Option E: SSH into the backend Compute Engine instances, and view the auth logs and syslogs to further understand the nature of the attack. While this can provide valuable insights, it is not a quick solution to restore user access to your application. This option should be used in conjunction with other options to address the DDoS attack.
In summary, the two best options for quickly restoring user access to your application while minimizing costs are:
Option A: Use Cloud Armor to blacklist the attacker's IP addresses.
Option B: Increase the maximum autoscaling backend to accommodate the severe bursty traffic.
Option C can also be effective, but it may require more time and resources to implement. Option D is not a viable solution for a critical revenue-generating web application, and Option E is not a quick solution to address the DDoS attack.
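
A sketch of preparing the deny rules described under Option A, added here as an example and not part of the original question or of any Google tooling: it picks source IPs over a request threshold from per-IP counts, collapses adjacent addresses into CIDR ranges, and splits them into rules of at most 10 ranges, the per-rule limit for Cloud Armor source-IP matches. The counts, threshold, starting priority and the policy name `POLICY_NAME` are constructed placeholders.

```python
import ipaddress

MAX_RANGES_PER_RULE = 10  # Cloud Armor limit on source IP ranges in one rule

# Constructed sample: requests per source IP in one sampling window
# (documentation address ranges, not real traffic).
SAMPLE_COUNTS = {f"203.0.113.{h}": 9000 for h in range(8, 16)}
SAMPLE_COUNTS.update({f"198.51.100.{h}": 7000 for h in range(1, 22, 2)})
SAMPLE_COUNTS.update({"192.0.2.10": 40, "192.0.2.11": 25})


def offenders(counts, threshold):
    """Source IPs whose request count in the window exceeds the threshold."""
    return sorted(ip for ip, n in counts.items() if n > threshold)


def to_ranges(ips):
    """Merge addresses into CIDR ranges that cover exactly the given IPs."""
    nets = [ipaddress.ip_network(ip) for ip in ips]
    ranges = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        same = [n for n in nets if n.version == version]
        ranges += [str(n) for n in ipaddress.collapse_addresses(same)]
    return ranges


def deny_rules(ranges, first_priority=1000):
    """Split ranges into deny rules of at most MAX_RANGES_PER_RULE each."""
    rules = []
    for i in range(0, len(ranges), MAX_RANGES_PER_RULE):
        rules.append({
            "priority": first_priority + i // MAX_RANGES_PER_RULE,
            "action": "deny-403",
            "src_ip_ranges": ranges[i:i + MAX_RANGES_PER_RULE],
        })
    return rules


def gcloud_command(rule, policy):
    """Render one rule as a gcloud command for review before applying."""
    return ("gcloud compute security-policies rules create "
            f"{rule['priority']} --security-policy {policy} "
            f"--src-ip-ranges {','.join(rule['src_ip_ranges'])} "
            f"--action {rule['action']}")


if __name__ == "__main__":
    blocked = to_ranges(offenders(SAMPLE_COUNTS, threshold=1000))
    for rule in deny_rules(blocked):
        print(gcloud_command(rule, "POLICY_NAME"))
```

Because the ranges are only merged when they cover exactly the offending addresses, the low-volume clients in the sample are never caught by a rule.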