Answer-first summary for fast verification
Answer: Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.
The correct answer is B. Identity-Aware Proxy (IAP) integrates with Google Workspace, allowing employees to authenticate using their company credentials from anywhere. IAP enforces access control at the application layer, verifying user identity rather than relying on network restrictions. Setting up an HTTP(S) load balancer is necessary to use IAP for HTTPS traffic. Options A and C rely on network-level security (IP restrictions or VPN), which do not provide user authentication. Option D uses security through obscurity (hashed subdomain), which lacks proper authentication and is not scalable.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are building an internal application for employees to manage company community events, deployed on a single Compute Engine instance. Since your organization uses Google Workspace (formerly G Suite), how can you enable secure authentication for employees accessing the application from any location?
A
Add a public IP address to your instance, and restrict access to the instance using firewall rules. Allow your company's proxy as the only source IP address.
B
Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.
C
Set up a VPN tunnel between your company network and your instance's VPC location on Google Cloud. Configure the required firewall rules and routing information to both the on-premises and Google Cloud networks.
D
Add a public IP address to your instance, and allow traffic from the internet. Generate a random hash, and create a subdomain that includes this hash and points to your instance. Distribute this DNS address to your company's employees.