nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #26

You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suit

The correct answer is A. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google. Cloud Identity-Aware Proxy (IAP) is purpose-built for authenticating users via Google identity and enforcing access controls based on identity and group membership. Since all employees use G Suite, you can create a Google Group for the finance department and restrict IAP access t

Securing applications

Question

You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite. What should you do?

Options

  • AEnable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google
  • BEnable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google
  • CConfigure Cloud Armor Security Policies to restrict access to only corporate IP address ranges.
  • DConfigure Cloud Armor Security Policies to restrict access to only corporate IP address ranges.

How the community answered

(27 responses)
  • A
    78% (21)
  • B
    11% (3)
  • C
    7% (2)
  • D
    4% (1)

Explanation

Cloud Identity-Aware Proxy (IAP) is purpose-built for authenticating users via Google identity and enforcing access controls based on identity and group membership. Since all employees use G Suite, you can create a Google Group for the finance department and restrict IAP access to that group - this simultaneously authenticates users and verifies department membership without any code changes to the application. Cloud Armor (options C and D) operates at the network/IP layer and can only restrict by IP ranges, not by user identity or organizational group. It cannot verify whether a user belongs to the finance department.

Topics

#Identity-Aware Proxy (IAP)#Authentication#Authorization#Access Control

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice