Google Cloud Professional Cloud Developer — Question 93
You are developing an internal application that will allow employees to organize community events within your company. You deployed your application on a single Compute Engine instance. Your company uses Google Workspace (formerly G Suite), and you need to ensure that the company employees can authenticate to the application from anywhere. What should you do?
Answer options
- A. Add a public IP address to your instance, and restrict access to the instance using firewall rules. Allow your company's proxy as the only source IP address.
- B. Add an HTTP(S) load balancer in front of the instance, and set up Identity-Aware Proxy (IAP). Configure the IAP settings to allow your company domain to access the website.
- C. Set up a VPN tunnel between your company network and your instance's VPC location on Google Cloud. Configure the required firewall rules and routing information to both the on-premises and Google Cloud networks.
- D. Add a public IP address to your instance, and allow traffic from the internet. Generate a random hash, and create a subdomain that includes this hash and points to your instance. Distribute this DNS address to your company's employees.
Correct answer: B
Explanation
The correct answer is B: placing an HTTP(S) load balancer in front of the instance and enabling Identity-Aware Proxy (IAP) lets users authenticate securely from any location and integrates seamlessly with Google Workspace. Option A restricts access too much, because it relies on the company's proxy as the only allowed source IP address. Option C adds unnecessary complexity with a VPN. Option D lacks security because it exposes the instance directly to the internet.