
Answer-first summary for fast verification
Answer: Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
The correct answer is A because the X-Goog-IAP-JWT-Assertion header contains a cryptographically signed JWT that the ERP system can verify to confirm that the request passed through IAP. Validating the digital signature gives strong assurance that IAP processed the request.

Option B (identity headers): these headers carry user identity information but no cryptographic verification, so they can be spoofed if IAP is bypassed. Option C (x-forwarded-for): this header indicates the client's original IP and does not verify IAP involvement. Option D (user's unique identifier): like B, it lacks cryptographic proof of IAP processing.

The community discussion shows a strong consensus for A (67% votes, high upvotes on supporting comments), with references to Google's documentation on signed headers for IAP verification.
Author: LeetQuiz Editorial Team
A customer is using Cloud Identity-Aware Proxy (IAP) to secure their ERP system hosted on Google Cloud Compute Engine. Their security team wants to add a layer of security to ensure the ERP system only accepts traffic that has passed through IAP. What should they do to meet this requirement?
A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
B. Make sure that the ERP system can validate the identity headers in the HTTP requests.
C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
D. Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.