Google Cloud Professional Cloud Developer — Question 63

You are developing a corporate tool on Compute Engine for the finance department, which needs to authenticate users and verify that they are in the finance department. All company employees use G Suite.
What should you do?

Answer options

• A. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Verify the provided JSON Web Token within the application.
• B. Enable Cloud Identity-Aware Proxy on the HTTP(s) load balancer and restrict access to a Google Group containing users in the finance department. Issue client-side certificates to everybody in the finance team and verify the certificates in the application.
• C. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Verify the provided JSON Web Token within the application.
• D. Configure Cloud Armor Security Policies to restrict access to only corporate IP address ranges. Issue client side certificates to everybody in the finance team and verify the certificates in the application.

Correct answer: A

Explanation

The correct answer A is appropriate because it utilizes Cloud Identity-Aware Proxy to authenticate users based on their Google Group membership, ensuring only finance department users can access the tool. Other options either involve unnecessary complexity with client-side certificates or rely on IP address ranges, which do not effectively verify user identity within the finance department.