PROFESSIONAL-CLOUD-DEVELOPER · Question #116
PROFESSIONAL-CLOUD-DEVELOPER Question #116: Real Exam Question with Answer & Explanation
The correct answer is B: Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP).. https://cloud.google.com/iap/docs/concepts-overview#how_iap_works When an application or resource is protected by IAP, it can only be accessed through the proxy by principals, also known as users, who have the correct Identity and Access Management (IAM) role. When you grant a us
Question
You are developing an internal application that will allow employees to organize community events within your company. You deployed your application on a single Compute Engine instance. Your company uses Google Workspace (formerly G Suite), and you need to ensure that the company employees can authenticate to the application from anywhere. What should you do?
Options
- AAdd a public IP address to your instance, and restrict access to the instance using firewall rules.
- BAdd an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP).
- CSet up a VPN tunnel between your company network and your instance's VPC location on Google
- DAdd a public IP address to your instance, and allow traffic from the internet. Generate a random
Explanation
https://cloud.google.com/iap/docs/concepts-overview#how_iap_works When an application or resource is protected by IAP, it can only be accessed through the proxy by principals, also known as users, who have the correct Identity and Access Management (IAM) role. When you grant a user access to an application or resource by IAP, they're subject to the fine-grained access controls implemented by the product in use without requiring a VPN. When a user tries to access an IAP-secured resource, IAP performs authentication and authorization
Topics
Community Discussion
No community discussion yet for this question.