
Explanation:
Option A is the correct answer because BeyondCorp Enterprise is specifically designed for zero-trust access control and includes capabilities to verify device certificates, which directly addresses the requirement to restrict access to corporate-issued devices with valid enterprise certificates. The community discussion shows 100% consensus on A, with upvoted comments emphasizing BeyondCorp's suitability for this scenario. Option B (VPC firewall policy) is unsuitable as it operates at the network layer and cannot validate device certificates for console access. Option C (organization policy) does not support certificate verification. Option D (IAM conditional policy) can enforce conditions but lacks native device certificate validation capabilities, making it less comprehensive than BeyondCorp for this specific use case.
You need to enforce that employees can only access the Google Cloud console from corporate-issued devices with a valid enterprise certificate. How do you achieve this?
A. Implement an Access Policy in BeyondCorp Enterprise to verify the device certificate. Create an access binding with the access policy just created.
B. Implement a VPC firewall policy. Activate packet inspection and create an allow rule to validate and verify the device certificate.
C. Implement an organization policy to verify the certificate from the access context.
D. Implement an Identity and Access Management (IAM) conditional policy to verify the device certificate.