Professional Cloud Security Engineer Exam - Question 44


Your company is using GSuite and has developed an application meant for internal usage on Google App Engine. You need to make sure that an external user cannot gain access to the application even when an employee's password has been compromised.

What should you do?

Correct Answer: AD

Enforcing 2-factor authentication in GSuite for all users ensures that even if an employee's password is compromised, an external user would still not be able to gain access to the application without the second factor of authentication. This adds an additional layer of security beyond just a password, making it significantly more difficult for unauthorized users to access internal applications.

Discussion

17 comments
rafaelc (Option: A)
Mar 14, 2020

A. Enforce 2-factor authentication in GSuite for all users.

johnsm (Option: A)
Aug 2, 2021

Correct answer is A. Well explained here: https://docs.google.com/document/d/11o3e14tyhnT7w45Q8-r9ZmTAfj2WUNUpJPZImrxm_F4/edit?usp=sharing. Found some other answers for other questions on this site as well.

Jane111 (Option: B)
Apr 19, 2021

Shouldn't it be B, Configure Cloud Identity-Aware Proxy for the App Engine Application? Identity-based app access.

[Removed]
Jul 26, 2023

I was thinking the same thing. Turns out IAP ensures security by enforcing 2FA. So at the end of the day, 2FA is the real solution. 2FA without IAP would still address the risk. IAP without 2FA might not. https://cloud.google.com/iap/docs/configuring-reauth#supported_reauthentication_methods

desertlotus1211 (Option: D)
Mar 19, 2021

The key is external user. Best practice is to have internal users/datacenter connect via VPN for security purposes, correct? External users will try to connect via Internet - they still cannot reach the App Engine even if they have a user's password because a VPN connection is needed to reach the resource. MA will work IF the external user has VPN access... But I think D is what they're looking for based on the question....

mynk29
Feb 26, 2022

Agree, but there is no mention that the external user doesn't have internal network access too. A is the better option as it covers both scenarios.

AwesomeGCP (Option: A)
Oct 6, 2022

A is the answer.

passtest100 (Option: B)
Oct 2, 2020

should be B

subhala
Oct 22, 2020

If you limit your GCP VPC to only private access (no resources having external IP), and have VPN, then in spite of having any creds, external folks cannot access the resources.

Cloudy_Apple_Juice
Oct 29, 2020

They can if they log in from inside Org - So A is the only correct answer

soukumar369
Dec 5, 2020

I'm also thinking the same.

[Removed] (Option: A)
Oct 29, 2020

Ans - A

soukumar369 (Option: A)
Dec 12, 2020

Enforce 2-factor authentication to keep the employee safe when an employee's password has been compromised.

soukumar369 (Option: A)
Dec 12, 2020

Enforcing 2-factor authentication can save an employee whose password has been compromised.

DebasishLowes (Option: A)
Mar 15, 2021

Ans: A. When a password is compromised, enforcing 2-factor authentication is the best way to prevent non-authorized users.

sudarchary (Option: A)
Feb 3, 2022

https://support.google.com/a/answer/175197?hl=en

SMB2022 (Option: A)
Jul 20, 2023

Correct Answer A

raj117 (Option: A)
Jul 20, 2023

Right Answer is A

dbf0a72 (Option: A)
Jan 5, 2024

A is the answer.

Oujay (Option: B)
Jun 29, 2024

2FA adds an extra layer of security, but if an external user has both the password and the second factor (e.g., a verification code), they might still gain access. So my answer is B. All external users will be blocked, with the right authentication or not.

Oujay (Option: B)
Jun 29, 2024

A Cloud VPN creates a secure tunnel between your network and GCP, but it wouldn't restrict access based on individual user identities.