Answer-first summary for fast verification
Answer: Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.
The best solution is to use Identity-Aware Proxy (IAP), which enforces access control through Google Cloud's managed authentication service. IAP allows the application to remain accessible via a public IP address but restricts access to authenticated users (company employees) without requiring changes to the application itself. This approach ensures security by validating user identities via corporate credentials (e.g., Google Workspace) and simplifies maintenance compared to a custom proxy setup. Options A, C, and D involve application code changes, custom authentication logic, or insecure redirects, which conflict with the requirement to minimize changes and maintain security.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you migrate a corporate intranet web application to Google Cloud while ensuring it remains accessible only to company employees (including traveling staff), maintains security, and requires minimal application changes?
A
Configure the application to check authentication credentials for each HTTP(S) request to the application.
B
Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.
C
Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.
D
Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.
No comments yet.