Google Cloud Professional Cloud Security Engineer — Question 14

Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.
What should you do?

Answer options

• A. Enforce 2-factor authentication in GSuite for all users.
• B. Configure Cloud Identity-Aware Proxy for the App Engine Application.
• C. Provision user passwords using GSuite Password Sync.
• D. Configure Cloud VPN between your private network and GCP.

Correct answer: B

Explanation

The correct answer is B, as configuring Cloud Identity-Aware Proxy provides an additional layer of security by verifying user identity before granting access to the application. Option A improves security but does not prevent access if a user's credentials are compromised. Option C is irrelevant since it does not enhance security against unauthorized access. Option D, while it secures network traffic, does not address the application-level access control needed in this scenario.