Exam Professional Cloud Security Engineer topic 1 question 251 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 251
Topic #: 1

Your organization has a centralized identity provider that is used to manage human and machine access. You want to leverage this existing identity management system to enable on-premises applications to access Google Cloud without hard coded credentials. What should you do?

  • A. Enable Secure Web Proxy. Create a proxy subnet for each region that Secure Web Proxy will be deployed. Deploy an SSL certificate to Certificate Manager. Create a Secure Web Proxy policy and rules that allow access to Google Cloud services.
  • B. Enable Workforce Identity Federation. Create a workforce identity pool and specify the on-premises identity provider as a workforce identity pool provider. Create an attribute mapping to map the on-premises identity provider token to a Google STS token. Create an IAM binding that binds the required role(s) to the external identity by specifying the project ID, workload identity pool, and attribute that should be matched.
  • C. Enable Identity-Aware Proxy (IAP). Configure IAP by specifying the groups and service accounts that should have access to the application. Grant these identities the IAP-secured web app user role.
  • D. Enable Workload Identity Federation. Create a workload identity pool and specify the on-premises identity provider as a workload identity pool provider. Create an attribute mapping to map the on-premises identity provider token to a Google STS token. Create a service account with the necessary permissions for the workload. Grant the external identity the Workload Identity user role on the service account.
Suggested Answer: D 🗳️
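The flow option D describes (pool, provider, attribute mapping, service account, Workload Identity User binding) expressed as data, as an added example that is not part of the original page or of Google's own tooling: it applies an attribute mapping to the claims of an on-premises IdP token, derives the `principal://` identity the IAM binding names, and builds the `external_account` credential configuration the workload uses in place of a key file. The project number, pool, provider, service account and token path are constructed sample values.

```python
"""Workload Identity Federation (option D) as data: the attribute mapping applied
to an on-premises IdP token, the principal the IAM binding names, and the
credential configuration a workload uses instead of a key file. Constructed sample values."""
from dataclasses import dataclass

@dataclass(frozen=True)
class WorkloadPool:
    project_number: str  # numeric project number, not the project ID
    pool_id: str
    provider_id: str

    @property
    def audience(self) -> str:
        # Audience the Security Token Service expects in the token exchange.
        return (f"//iam.googleapis.com/projects/{self.project_number}/locations/global/"
                f"workloadIdentityPools/{self.pool_id}/providers/{self.provider_id}")

def apply_attribute_mapping(mapping: dict, claims: dict) -> dict:
    """Evaluate {"google.subject": "assertion.sub", ...} against decoded token claims.
    Only the plain assertion.<claim> form is handled (a subset of Google's CEL)."""
    mapped = {}
    for target, expr in mapping.items():
        if not expr.startswith("assertion."):
            raise ValueError(f"unsupported mapping expression: {expr}")
        claim = expr[len("assertion."):]
        if claim not in claims:
            # A token missing a mapped claim is rejected, never given a default.
            raise KeyError(f"token lacks claim '{claim}' required for {target}")
        mapped[target] = claims[claim]
    if "google.subject" not in mapped:
        raise ValueError("mapping must populate google.subject")
    return mapped

def principal_for(pool: WorkloadPool, mapped: dict) -> str:
    """External identity granted roles/iam.workloadIdentityUser on the service account."""
    return (f"principal://iam.googleapis.com/projects/{pool.project_number}/locations/"
            f"global/workloadIdentityPools/{pool.pool_id}/subject/{mapped['google.subject']}")

def credential_config(pool: WorkloadPool, sa_email: str, token_file: str) -> dict:
    """external_account config: no secret inside, only where to read the IdP token
    and which service account to impersonate after the STS exchange."""
    return {
        "type": "external_account",
        "audience": pool.audience,
        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
        "token_url": "https://sts.googleapis.com/v1/token",
        "service_account_impersonation_url": f"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{sa_email}:generateAccessToken",
        "credential_source": {"file": token_file},
    }
```

The configuration contains no private key, which is the point of the question: the only secret-like input is the short-lived IdP token read from `credential_source` at run time.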

Comments

nah99
5 months ago
Selected Answer: D
The requirement of the question is for applications, not persons. So D.
upvoted 1 times
eychdee
6 months, 1 week ago
It's B. The keyword is workforce and not workload.
upvoted 1 times
Art
6 months, 2 weeks ago
Selected Answer: D
It's D: "You want to leverage this existing identity management system to enable on-premises applications to access Google Cloud without hard coded credentials." Workload Identity Federation is used for applications, whereas Workforce Identity Federation is used for humans.
upvoted 4 times
MoAk
5 months ago
This is the best explanation if anyone is still not sure.
upvoted 1 times
d0fa7d5
7 months, 3 weeks ago
Selected Answer: D
Since it mentions "on-premises applications," I believe the correct answer is D, not B.
upvoted 4 times
1e22522
7 months, 3 weeks ago
Selected Answer: D
I'm pretty sure it's D.
upvoted 1 times
1e22522
7 months, 3 weeks ago
I am wrong, it's B.
upvoted 1 times
yokoyan
7 months, 3 weeks ago
Selected Answer: B
I think it's B.
upvoted 2 times
KLei
5 months, 2 weeks ago
Workload Identity Federation allows applications running outside of Google Cloud (like on-premises systems) to authenticate to Google Cloud services using tokens from an existing identity provider without needing to manage or deploy long-lived credentials.
upvoted 2 times
yokoyan
5 months ago
Workforce Identity: https://cloud.google.com/iam/docs/workforce-identity-federation#what_is_workforce_identity_federation
Workload Identity: https://cloud.google.com/iam/docs/workload-identity-federation
Yes, in this question we want to grant access to the application, so D might be the correct answer! Thanks!
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other