
Answer-first summary for fast verification
Answer: Create an access level that includes conditions for internal IP address ranges and AppDev groups. Apply this access level to the application's IAP policy.
Option B is correct because it directly addresses both requirements using IAP's built-in capabilities. Creating an access level with conditions for internal IP ranges and AppDev groups, then applying it to the IAP policy, is the native IAP approach for combining identity and network-based restrictions. Option A is incorrect as it requires VPN connectivity which is unnecessary with IAP and doesn't leverage IAP's identity features. Option C is suboptimal because configuring firewall rules for IAP access control is less granular and doesn't integrate as seamlessly with IAP's identity-based policies. Option D is incorrect as MFA and NIDS don't specifically address the IP address restriction requirement and add unnecessary complexity. The community discussion shows 100% consensus on B, with comments highlighting that access levels are the proper mechanism for combining identity and network attributes in IAP policies.
Author: LeetQuiz Editorial Team
Your organization has a Cloud Run application that requires access control via Cloud Identity-Aware Proxy (IAP) with the following requirements:
• Only users from the AppDev group are permitted to access the application.
• Access must be limited to internal network IP addresses.
What should you do?
A. Deploy a VPN gateway and instruct the AppDev group to connect to the company network before accessing the application.
B. Create an access level that includes conditions for internal IP address ranges and AppDev groups. Apply this access level to the application's IAP policy.
C. Configure firewall rules to limit access to IAP based on the AppDev group and source IP addresses.
D. Configure IAP to enforce multi-factor authentication (MFA) for all users and use network intrusion detection systems (NIDS) to block unauthorized access attempts.