A load balancer is routing traffic to a VM where the application process has crashed, but the VM itself is still running. What prevents the load balancer from continuing to send traffic to this instance?
HTTP health checks probe the application port. A crashed application fails the probe, causing the load balancer to stop directing traffic to that VM until it recovers.
Why this answer
The load balancer uses an HTTP health check to periodically probe the application on the VM. When the application process crashes, the health check fails (e.g., returns a non-2xx status code or times out), and the load balancer automatically stops routing new traffic to that unhealthy instance. This is the standard mechanism in Google Cloud for detecting application-level failures, as opposed to infrastructure-level failures.
Exam trap
The trap here is that candidates confuse infrastructure-level health (VM running) with application-level health (process responding), and assume autoscaling or firewall rules handle this, when in fact only a properly configured health check can detect a crashed application process.
How to eliminate wrong answers
Option A is wrong because a VPC firewall rule would block traffic at the network layer, but the question states the VM is still running and the application has crashed—firewall rules do not detect application crashes.
Option C is wrong because Cloud Armor security policies filter traffic based on IP addresses, geographic regions, or layer 7 attributes, not based on the health of the application process on a VM.
Option D is wrong because the instance group autoscaling policy reacts to overall load metrics (e.g., CPU utilization, requests per second) and may replace unhealthy instances, but it does not directly prevent the load balancer from sending traffic to a crashed instance—that is the health check's role.