Google Cloud Professional Cloud Security Engineer — Question 33

A website design company recently migrated all customer sites to App Engine. Some sites are still in progress and should only be visible to customers and company employees from any location.
Which solution will restrict access to the in-progress sites?

Answer options

• A. Upload an .htaccess file containing the customer and employee user accounts to App Engine.
• B. Create an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic.
• C. Enable Cloud Identity-Aware Proxy (IAP), and allow access to a Google Group that contains the customer and employee user accounts.
• D. Use Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network.

Correct answer: C

Explanation

The correct answer is C because enabling Cloud Identity-Aware Proxy (IAP) allows you to secure your applications and restrict access to specific groups of users, such as those in a Google Group. Options A and D do not provide the necessary access control for users from different locations, while option B restricts access based on network but does not account for users outside of the specified networks.