A customer needs to launch a 3-tier internal web application on Google Cloud Platform (GCP). The customer’s internal compliance requirements dictate that end-user access may only be allowed if the traffic seems to originate from a specific known good CIDR. The customer accepts the risk that their application will only have SYN flood DDoS protection. They want to use GCP’s native SYN flood protection.

Which product should be used to meet these requirements?

A. Cloud Armor

B. VPC Firewall Rules
C. Cloud Identity and Access Management
D. Cloud CDN

Reference: https://cloud.google.com/blog/products/identity-security/understanding-google-cloud-armors-new-waf-capabilities