
Answer-first summary for fast verification
Answer: Configure Google session control to a shorter duration; Enforce Security Key Authentication with 2SV.
The question requires mitigating cookie replay attacks for both Google web sessions and Google Cloud CLI SDK sessions. Option A (Configure Google session control to a shorter duration) directly addresses web sessions by reducing the validity period of session cookies, limiting the window for replay attacks. Option E (Enforce Security Key Authentication with 2SV) adds a strong authentication layer, making it harder for attackers to misuse stolen cookies even if obtained. While option B (shorter OAuth 2.0 access token duration) is relevant for API access, it is less comprehensive for web sessions compared to A. Option C (reauthentication policy) overlaps with A but is specific to Google Cloud services, not covering web sessions broadly. Option D (third-party IdP) does not directly mitigate replay attacks. The community consensus, with high upvotes for A and E (e.g., comment_id 1015624 with 9 upvotes), supports these as the most effective pair for reducing risk across both session types.
Author: LeetQuiz Editorial Team
You are migrating users to Google Cloud and need to mitigate the risk of cookie replay attacks for both Google web sessions and Google Cloud CLI SDK sessions on endpoint devices.
What should you do? (Choose two.)
A. Configure Google session control to a shorter duration.
B. Set an organizational policy for OAuth 2.0 access token with a shorter duration.
C. Set a reauthentication policy for Google Cloud services to a shorter duration.
D. Configure a third-party identity provider with session management.
E. Enforce Security Key Authentication with 2SV.