PROFESSIONAL-CLOUD-DEVELOPER · Question #145
Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to e
The correct answer is B. Configure Identity-Aware Proxy to allow employees to access the application through its public IP. Identity-Aware Proxy (IAP) is the correct solution for making a web application accessible only to authenticated company employees, regardless of their location (including travel), without requiring a VPN. IAP sits in front of the application (behind a Google Cloud load balancer)
Question
Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?
Options
- AConfigure the application to check authentication credentials for each HTTP(S) request to the
- BConfigure Identity-Aware Proxy to allow employees to access the application through its public IP
- CConfigure a Compute Engine instance that requests users to log in to their corporate account.
- DConfigure a Compute Engine instance that requests users to log in to their corporate account.
How the community answered
(29 responses)- A7% (2)
- B72% (21)
- C17% (5)
- D3% (1)
Explanation
Identity-Aware Proxy (IAP) is the correct solution for making a web application accessible only to authenticated company employees, regardless of their location (including travel), without requiring a VPN. IAP sits in front of the application (behind a Google Cloud load balancer) and enforces identity-based access control using Google credentials. Employees authenticate through IAP before their requests reach the application, requiring zero changes to the application code itself - the app does not need to implement authentication. Option A requires modifying the application to check credentials on every request, violating the 'minimize application changes' requirement. Options C and D both require provisioning a separate Compute Engine instance to act as a login gate, which introduces infrastructure complexity and application-level changes.
Topics
Community Discussion
No community discussion yet for this question.