Exam Professional Cloud Security Engineer topic 1 question 44 discussion

A. Enforce 2-factor authentication in GSuite for all users.

Correct answer is A. Well explained here: https://docs.google.com/document/d/11o3e14tyhnT7w45Q8-r9ZmTAfj2WUNUpJPZImrxm_F4/edit?usp=sharing found some other answers for other questions in this site as well.

I go with B. IAP is zero trust and context aware

I go with B. IAP is zero trust and context aware

I also feel, it's B. As even if password is compromised, we can block based on IP ranges, geolocation, etc

A Cloud VPN creates a secure tunnel between your network and GCP, but it wouldn't restrict access based on individual user identities.

2FA adds an extra layer of security, but if an external user has both the password and the second factor (e.g., a verification code), they might still gain access. So my answer is B. All external users will be blocked with the right authentication or not

A is the answer.

Right Answer is A

Correct Answer A

A is the answer.

https://support.google.com/a/answer/175197?hl=en

Shouldn't it be B. Configure Cloud Identity-Aware Proxy for the App Engine Application. identity based app access

The key is external user. Best practice is to have internal users/datacenter connect via VPN for security purpose, correct? External users will try to connect via Internet - they still cannot reach the app engine even if they have a users' password because a VPN connection is need to reach the resource. MA will work IF the external user has VPN access... But I think D is what they're looking for based on the question....

Ans : A. When passwords is compromised, enforcing 2 factor authentication is the best way to prevent non authorized users.

Enforcing 2-factor authentication can save an employee's password has been compromised

Enforce 2-factor authentication safe employee, when an employee's password has been compromised.