Answer: Identity-Aware Proxy

The question asks for a Google Cloud service to enforce access control policies for applications and resources. Identity-Aware Proxy (IAP) is specifically designed for this purpose, as it provides centralized authorization for applications and resources by verifying user identity and context before granting access. The community discussion shows 100% consensus on option A, with references to Google's official documentation confirming IAP's role in access control enforcement. Other options are less suitable: Cloud NAT (B) is for outbound internet connectivity from private instances, Google Cloud Armor (C) is for DDoS protection and WAF, and Shielded VMs (D) are for VM integrity and security against rootkits, not access control policies.

Author: LeetQuiz Editorial Team