Google Professional-Cloud-Architect Exam With Confidence Using Practice Dumps

m/bigquery/docs/managing-partitioned-tables

Note: The principle of least privilege and separation of duties are concepts that, although semantically different, are intrinsically related from the standpoint of security. The intent behind both is to prevent people from having higher privilege levels than they actually need

Principle of Least Privilege: Users should only have the least amount of privileges required to perform their job and no more. This reduces authorization exploitation by limiting access to resources such as targets, jobs, or monitoring templates for which they are not authorized.

Separation of Duties: Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action.

According to the Google Cloud Architecture Framework and Google Cloud Armor documentation, Google Cloud Armor is the enterprise-grade solution for protecting applications and services against Distributed Denial of Service (DDoS) attacks and web-based exploits. Altostrat requires a solution that addresses "multi-vector" attacks at "various layers," specifically the Network/Transport layers (L3/L4) and the Application layer (L7).

Google Cloud Armor provides built-in, always-on protection against L3 and L4 volumetric attacks at the edge of Google’s network, preventing malicious traffic from reaching the backend GKE clusters or Cloud Run functions. For L7 (Application Layer) protection, Cloud Armor offers Web Application Firewall (WAF) capabilities, including pre-configured rule sets (based on OWASP Top 10), rate limiting, and Adaptive Protection. The latter uses machine learning to detect anomalies in traffic patterns specific to Altostrat’s applications, automatically suggesting rules to block sophisticated botnets or application-layer floods.

While Cloud NGFW (Option B) provides essential network filtering, it lacks the native L7 inspection and global DDoS scrubbing capabilities inherent to Cloud Armor. VPC Service Controls (Option A) focus on data exfiltration and API security perimeters, and Security Command Center (Option D) is a posture management and threat detection tool rather than an active traffic mitigation service. Deploying Cloud Armor at the global load balancing tier ensures Altostrat maintains the high availability and reliability required for its global media streaming audience.