Medium1 markMultiple Choice

Domain 3: Designing for Security and ComplianceSecurityIAPZero Trust

GCP PCA · Question 29 · Domain 3: Designing for Security and Compliance

Your company wants to allow remote employees to access an internal web application hosted on Compute Engine without using a traditional VPN. How should you secure this access?

Answer options:

A.

Open port 80 to the internet.

B.

Implement Identity-Aware Proxy (IAP).

C.

Use Cloud NAT.

D.

Configure VPC Service Controls.

How to approach this question

Identify GCP's zero-trust remote access solution.

Full Answer

B.Implement Identity-Aware Proxy (IAP).✓ Correct

Implement Identity-Aware Proxy (IAP).

Identity-Aware Proxy (IAP) establishes a central authorization layer for applications accessed by HTTPS, enabling a zero-trust model without VPNs.

Common mistakes

Confusing IAP with VPC Service Controls.

Question 28 All questions Question 30

Practice the full GCP Professional Cloud Architect Practice Exam 2

50 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Hard Q04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy

View all 50 questions →