Google Cloud Professional Cloud Security Engineer — Question 251
A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP). The CRM can only be accessed by someone on the corporate network. The customer wants to make it available over the internet. Your team requires an authentication layer in front of the application that supports two-factor authentication
Which GCP product should the customer implement to meet these requirements?
Answer options
- A. Cloud Identity-Aware Proxy
- B. Cloud Armor
- C. Cloud Endpoints
- D. Cloud VPN
Correct answer: A
Explanation
The correct answer is Cloud Identity-Aware Proxy, as it allows secure access to applications hosted on GCP while enforcing authentication, including two-factor authentication. Cloud Armor is focused on security against DDoS attacks, Cloud Endpoints is for API management, and Cloud VPN is used for secure connections between on-premises networks and GCP, none of which provide the required authentication layer for web access.