Exam Professional Cloud Security Engineer topic 1 question 251 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 251
Topic #: 1

Your organization has a centralized identity provider that is used to manage human and machine access. You want to leverage this existing identity management system to enable on-premises applications to access Google Cloud without hard coded credentials. What should you do?

  • A. Enable Secure Web Proxy. Create a proxy subnet for each region that Secure Web Proxy will be deployed. Deploy an SSL certificate to Certificate Manager. Create a Secure Web Proxy policy and rules that allow access to Google Cloud services.
  • B. Enable Workforce Identity Federation. Create a workforce identity pool and specify the on-premises identity provider as a workforce identity pool provider. Create an attribute mapping to map the on-premises identity provider token to a Google STS token. Create an IAM binding that binds the required role(s) to the external identity by specifying the project ID, workload identity pool, and attribute that should be matched.
  • C. Enable Identity-Aware Proxy (IAP). Configure IAP by specifying the groups and service accounts that should have access to the application. Grant these identities the IAP-secured web app user role.
  • D. Enable Workload Identity Federation. Create a workload identity pool and specify the on-premises identity provider as a workload identity pool provider. Create an attribute mapping to map the on-premises identity provider token to a Google STS token. Create a service account with the necessary permissions for the workload. Grant the external identity the Workload Identity user role on the service account.
Suggested Answer: D
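
As an added example (not part of the original question and not Google's code), this check separates the credential files the options lead to: a service account key file is the hard-coded credential the question wants to avoid, while federation produces an `external_account` config whose audience names either a workload or a workforce pool. The sample configs, project number, pool, provider and account names are constructed placeholders.

```python
import re

# Audience formats found in Google "external_account" credential configs.
WORKLOAD_AUD = re.compile(r"^//iam\.googleapis\.com/projects/\d+/locations/global/"
                          r"workloadIdentityPools/[^/]+/providers/[^/]+$")
WORKFORCE_AUD = re.compile(r"^//iam\.googleapis\.com/locations/global/"
                           r"workforcePools/[^/]+/providers/[^/]+$")
SA_URL = re.compile(r"/serviceAccounts/([^/:]+):generateAccessToken$")
STS_URL = "https://sts.googleapis.com/v1/token"


def audit_credential(cfg: dict) -> dict:
    """Classify a Google credential JSON and collect review findings."""
    ctype, findings = cfg.get("type"), []
    if ctype == "service_account":  # exported key file: a long-lived secret
        return {"kind": "service_account_key", "service_account": cfg.get("client_email"),
                "findings": ["long-lived service account key stored with the app"]}
    if ctype != "external_account":
        return {"kind": "unknown", "service_account": None, "findings": ["unrecognised type"]}
    aud = cfg.get("audience", "")
    if WORKLOAD_AUD.match(aud):
        kind = "workload_identity_federation"
    elif WORKFORCE_AUD.match(aud):
        kind = "workforce_identity_federation"
        findings.append("workforce pool audience in an application credential")
    else:
        kind = "external_account"
        findings.append("audience is not a recognised pool provider")
    if cfg.get("token_url") != STS_URL:
        findings.append("token_url is not the default Google STS endpoint")
    m = SA_URL.search(cfg.get("service_account_impersonation_url", ""))
    if kind == "workload_identity_federation" and not m:
        findings.append("no service account impersonation configured")
    return {"kind": kind, "service_account": m.group(1) if m else None,
            "findings": findings}

# Constructed samples: project number, pool, provider and account are placeholders.
FEDERATED = {
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/123456789012/locations/global/"
                "workloadIdentityPools/onprem-pool/providers/corp-idp",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": STS_URL,
    "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/"
        "serviceAccounts/app-sa@example-project.iam.gserviceaccount.com:generateAccessToken",
    "credential_source": {"file": "/var/run/idp/token.jwt"},
}
KEY_FILE = {"type": "service_account", "private_key": "<redacted placeholder>",
            "client_email": "app-sa@example-project.iam.gserviceaccount.com"}
```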

Comments

eychdee
1 month ago
It's B. Keyword is workforce and not workload.
upvoted 1 times
Art
1 month, 1 week ago
Selected Answer: D
It's D. "You want to leverage this existing identity management system to enable on-premises applications to access Google Cloud without hard coded credentials." Workload Identity Federation is used for applications when Workforce Identity Federation is used for humans.
upvoted 1 times
d0fa7d5
2 months, 1 week ago
Selected Answer: D
“Since it mentions ‘on-premises applications,’ I believe the correct answer is D, not B.”
upvoted 3 times
1e22522
2 months, 2 weeks ago
Selected Answer: D
I'm pretty sure it's D.
upvoted 1 times
1e22522
2 months, 2 weeks ago
I am wrong, it's B.
upvoted 1 times
yokoyan
2 months, 2 weeks ago
Selected Answer: B
I think it's B.
upvoted 2 times
KLei
1 week, 2 days ago
Workload Identity Federation allows applications running outside of Google Cloud (like on-premises systems) to authenticate to Google Cloud services using tokens from an existing identity provider without needing to manage or deploy long-lived credentials.
upvoted 1 times