Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Developer All Questions

View all questions & answers for the Professional Cloud Developer exam
Go to Exam

Exam Professional Cloud Developer topic 1 question 128 discussion

Actual exam question from Google's Professional Cloud Developer
Question #: 128
Topic #: 1
[All Professional Cloud Developer Questions]

Your web application is deployed to the corporate intranet. You need to migrate the web application to Google Cloud. The web application must be available only to company employees and accessible to employees as they travel. You need to ensure the security and accessibility of the web application while minimizing application changes. What should you do?

  • A. Configure the application to check authentication credentials for each HTTP(S) request to the application.
  • B. Configure Identity-Aware Proxy to allow employees to access the application through its public IP address.
  • C. Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine instance forwards requests to and from the web application.
  • D. Configure a Compute Engine instance that requests users to log in to their corporate account. Change the web application DNS to point to the proxy Compute Engine instance. After authenticating, the Compute Engine issues an HTTP redirect to a public IP address hosting the web application.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Blueocean at Jan. 16, 2022, 6:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Blueocean
Highly Voted 2 years, 10 months ago
Agree with Option B
upvoted 9 times
TNT87
2 years ago
why public IP yet it must only be accessible to the employees only? B is wrong
upvoted 2 times
tuanbo91
1 year, 11 months ago
it's Google public IP, https://cloud.google.com/iap/docs/managing-access
upvoted 1 times
TNT87
1 year, 11 months ago
If its B, it must not use public IP, That makes B wrong. the answer is C. its already in coorporate intranet, why use public IP?
upvoted 1 times
mrvergara
1 year, 9 months ago
How the users are going to authenticate to Compute Engine?
upvoted 1 times
...
Load full discussion...
...
...
...
...
thewalker
Most Recent 4 months, 1 week ago
Selected Answer: B
The best solution here is B. Configure Identity-Aware Proxy to allow employees to access the application through its public IP address. Here's why: Minimal Application Changes: Identity-Aware Proxy (IAP) is designed to handle authentication and authorization without requiring significant changes to your web application. It acts as a secure gateway, intercepting requests and verifying user identities before forwarding them to your application. Secure Access: IAP provides strong security by integrating with your existing corporate identity provider (e.g., Google Workspace, Active Directory). It ensures that only authorized employees with valid credentials can access the application.
upvoted 1 times
thewalker
4 months, 1 week ago
Accessibility for Traveling Employees: IAP allows employees to access the application from anywhere with an internet connection, as long as they have the necessary credentials. This eliminates the need for VPNs or other complex network configurations. Centralized Management: IAP simplifies security management by providing a centralized platform for controlling access to your application. You can easily add or remove users, define access policies, and monitor activity. Why other options are less ideal: A. Authentication in the Application: This approach requires significant changes to your web application to handle authentication logic, which can be complex and error-prone. It also doesn't provide the same level of security and centralized management as IAP.
upvoted 1 times
thewalker
4 months, 1 week ago
C. Proxy Compute Engine Instance: While this approach could work, it requires setting up and managing a separate Compute Engine instance, which adds complexity and overhead. It also doesn't leverage the built-in security features of IAP. D. HTTP Redirect: This approach would expose your web application's public IP address, potentially compromising security. It also doesn't provide the same level of authentication and authorization as IAP. In summary: Identity-Aware Proxy is the most efficient and secure way to migrate your web application to Google Cloud while ensuring accessibility for traveling employees and minimizing application changes. It provides a robust and centralized solution for authentication, authorization, and secure access control.
upvoted 1 times
...
...
...
alpha_canary
7 months, 1 week ago
Selected Answer: B
B is the answer. IAP is the solution in these kind of scenarios. Don't be alerted by mention of public IP. It's completely fine to deploy an internal app on public IP as long as u have proper authentication. Since the question mentions "accessible to employees as they travel", this is how many companies deploy such internal tools.
upvoted 1 times
...
__rajan__
1 year, 2 months ago
Selected Answer: B
I will go with B.
upvoted 1 times
...
Pime13
1 year, 9 months ago
Selected Answer: B
i'd choose b: https://cloud.google.com/blog/topics/developers-practitioners/control-access-your-web-sites-identity-aware-proxy
upvoted 2 times
...
omermahgoub
1 year, 10 months ago
Selected Answer: C
This approach allows you to use Google Cloud infrastructure to authenticate users against the corporate intranet before providing access to the web application, without making major changes to the web application. By configuring a Compute Engine instance as a proxy and changing the web application's DNS to point to this proxy, you can ensure that only employees who have been authenticated against the corporate intranet are able to access the web application. This approach also allows the employees to access the web application while they are traveling, as long as they have internet access.
upvoted 2 times
omermahgoub
1 year, 10 months ago
Identity-Aware Proxy (IAP) is a feature of Google Cloud Platform that allows you to secure access to resources by using identity and context-based access control. IAP allows you to restrict access to a resource (such as a web application) to only authenticated and authorized users or service accounts. However, in this scenario, since the web application is hosted on the corporate intranet, it will not have a public IP address and it will not be accessible from the internet. And It's not possible to use IAP to restrict access to an intranet-hosted application by its IP address.
upvoted 1 times
omermahgoub
1 year, 10 months ago
Additionally, IAP is designed to work with resources that are hosted on Google Cloud, and it may not be possible to configure it to work with an intranet-hosted application without making significant changes to the application and the intranet infrastructure. That's why the best solution would be to use a VPN connection or a reverse proxy to allow employees to access the application as if they were on the intranet while they are traveling or to secure the access to the intranet-hosted web application from the internet.
upvoted 1 times
...
...
...
tuanbo91
1 year, 11 months ago
Selected Answer: B
B is correct.
upvoted 3 times
...
zellck
1 year, 11 months ago
Selected Answer: B
B is the answer. https://cloud.google.com/iap/docs/concepts-overview IAP lets you establish a central authorization layer for applications accessed by HTTPS, so you can use an application-level access control model instead of relying on network-level firewalls. IAP policies scale across your organization. You can define access policies centrally and apply them to all of your applications and resources. When you assign a dedicated team to create and enforce policies, you protect your project from incorrect policy definition or implementation in any application.
upvoted 2 times
...
micoams
1 year, 11 months ago
Selected Answer: B
B, while employees are traveling, they don't have access to the intranet, so they need to use the public IP. IAP secures the public endpoint.
upvoted 3 times
...
tomato123
2 years, 3 months ago
Selected Answer: C
C seems right
upvoted 3 times
...
akshaychavan7
2 years, 3 months ago
Selected Answer: C
I would completely agree with BackendBoi's comment. I would have picked option B only if it would have not been said to access through public IP. Out of all the options, option C seems the best pick. I had read somewhere that the proxy compute engine is used for securing access to main compute engine instance hosting application.
upvoted 2 times
...
BackendBoi
2 years, 7 months ago
I tend to C. A is bad because sending the credentials in each HTTP(s) request is bad and inefficient. B requires each user to have a Google Workspace account, which is not a given for the corporate intranet. On top of that there is no mention that the application checks for the token in the header, so a public IP would still expose the application. C would work, but its ineffective. D is useless if the application is still exposed through the public IP. None of these solutions are great, but C is the least bad of the bunch.
upvoted 3 times
dishum
2 years, 6 months ago
You couldn't opt anyone ? I suggest you to skip this in exam :)
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel