PROFESSIONAL-CLOUD-SECURITY-ENGINEER Question #66: Real Exam Question with Answer & Explanation

Question

A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location. Which solution will restrict access to the in-progress sites?

Options

• AUpload an .htaccess file containing the customer and employee user accounts to App Engine.
• BCreate an App Engine firewall rule that allows access from the customer and employee networks
• CEnable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the
• DUse Cloud VPN to create a VPN connection between the relevant on-premises networks and the

Explanation

The requirement is to restrict access to specific users (customers and employees) from any location - meaning network-based controls won't work since employees can be anywhere. Cloud Identity-Aware Proxy (IAP) enforces identity-based access control using Google accounts, making it the right fit. Configuring IAP to allow a Google Group containing the authorized customers and company employees ensures only those identities can access the in-progress App Engine sites, regardless of their network location. Option A (.htaccess) is not supported on App Engine. Option B (App Engine firewall) restricts by IP, not identity, and breaks for remote users. Option D (Cloud VPN) requires on-premises network access and won't work for customers in arbitrary locations.

No community discussion yet for this question.