Answer-first summary for fast verification
Answer: Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.
The question requires restricting access to in-progress App Engine sites to only customers and company employees from any location. Option C (Cloud Identity-Aware Proxy) is optimal because it provides identity-based access control, allowing only authenticated users in a specified Google Group (containing customers and employees) to access the sites, regardless of their location. This aligns with the requirement for access from 'any location' and user-based restriction. Option B (App Engine firewall) is insufficient as it relies on IP-based restrictions, which contradicts the 'any location' requirement and doesn't ensure only authorized individuals access the sites. Option A (.htaccess file) is not a supported or secure method in App Engine for user authentication. Option D (Cloud VPN) is overly complex and unnecessary, as it focuses on network connectivity rather than user-based access control and doesn't inherently restrict access to specific users.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A web design company has moved all client sites to Google App Engine. Some sites are still under development and should only be accessible to customers and company employees from any location. What is the solution to restrict access to these in-progress sites?
A
Upload an .htaccess file containing the customer and employee user accounts to App Engine.
B
Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.
C
Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.
D
Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network.
No comments yet.