PROFESSIONAL-CLOUD-DEVELOPER · Question #26
You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suit
The correct answer is A. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google. Cloud Identity-Aware Proxy (IAP) is purpose-built for authenticating users via Google identity and enforcing access controls based on identity and group membership. Since all employees use G Suite, you can create a Google Group for the finance department and restrict IAP access t
Question
You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite. What should you do?
Options
- AEnable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google
- BEnable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google
- CConfigure Cloud Armor Security Policies to restrict access to only corporate IP address ranges.
- DConfigure Cloud Armor Security Policies to restrict access to only corporate IP address ranges.
How the community answered
(27 responses)- A78% (21)
- B11% (3)
- C7% (2)
- D4% (1)
Explanation
Cloud Identity-Aware Proxy (IAP) is purpose-built for authenticating users via Google identity and enforcing access controls based on identity and group membership. Since all employees use G Suite, you can create a Google Group for the finance department and restrict IAP access to that group - this simultaneously authenticates users and verifies department membership without any code changes to the application. Cloud Armor (options C and D) operates at the network/IP layer and can only restrict by IP ranges, not by user identity or organizational group. It cannot verify whether a user belongs to the finance department.
Topics
Community Discussion
No community discussion yet for this question.