Answer-first summary for fast verification
Answer: Implement an Access Policy in BeyondCorp Enterprise to verify the device certificate. Create an access binding with the access policy just created.
Option A is the correct answer because BeyondCorp Enterprise is specifically designed for zero-trust access control and includes capabilities to verify device certificates, which directly addresses the requirement to restrict access to corporate-issued devices with valid enterprise certificates. The community discussion shows 100% consensus on A, with upvoted comments emphasizing BeyondCorp's suitability for this scenario. Option B (VPC firewall policy) is unsuitable as it operates at the network layer and cannot validate device certificates for console access. Option C (organization policy) does not support certificate verification. Option D (IAM conditional policy) can enforce conditions but lacks native device certificate validation capabilities, making it less comprehensive than BeyondCorp for this specific use case.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to enforce that employees can only access the Google Cloud console from corporate-issued devices with a valid enterprise certificate. How do you achieve this?
A
Implement an Access Policy in BeyondCorp Enterprise to verify the device certificate. Create an access binding with the access policy just created.
B
Implement a VPC firewall policy. Activate packet inspection and create an allow rule to validate and verify the device certificate.
C
Implement an organization policy to verify the certificate from the access context.
D
Implement an Identity and Access Management (IAM) conditional policy to verify the device certificate.
No comments yet.