Google Cloud Professional Cloud Security Engineer — Question 4
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy.
What should the customer do to meet these requirements?
Answer options
- A. Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
- B. Make sure that the ERP system can validate the identity headers in the HTTP requests.
- C. Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
- D. Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.
Correct answer: A
Explanation
The correct answer is A: validating the JWT assertion in each HTTP request lets the ERP system confirm that the request came through Cloud Identity-Aware Proxy on behalf of an authenticated user. Options B, C, and D do not verify that a request originated specifically from Cloud Identity-Aware Proxy, so the ERP system could still accept traffic that did not pass through it.