
Answer-first summary for fast verification
Answer: Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.
The correct answer is A. Cloud Identity-Aware Proxy (IAP) is designed to authenticate users and authorize access based on their Google identity. By enabling IAP on the HTTP(s) load balancer and restricting access to a Google Group containing finance department users, IAP ensures only authorized users can access the application. The JSON Web Token (JWT) provided by IAP includes user identity and group membership information, which the application can verify to ensure compliance. Options C and D rely on IP-based restrictions via Cloud Armor, which do not validate user identity or department membership. Option B unnecessarily adds client-side certificates, which are redundant since IAP already handles authentication and authorization securely.
Author: LeetQuiz Editorial Team
You are building a corporate tool on Compute Engine for the finance department. The tool must authenticate users and ensure they belong to the finance department. All employees in the company use G Suite.
What is the recommended approach?
A. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.
B. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.
C. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.
D. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.