Restricting Access to In-Progress Sites on App Engine | PCSE Exam Solution | Google

Restricting Access to In-Progress Sites

Question

A website design company recently migrated all customer sites to App Engine.

Some sites are still in progress and should only be visible to customers and company employees from any location.

Which solution will restrict access to the in-progress sites?

Answers

Explanations


A. B. C. D.

C.

The scenario presented in the question involves a website design company that recently migrated all customer sites to App Engine. However, some of these sites are still in progress and should only be visible to customers and company employees from any location. Therefore, the company needs a solution that can restrict access to the in-progress sites.

Option A: Uploading an .htaccess file containing the customer and employee user accounts to App Engine is not a suitable solution. An .htaccess file is used to configure Apache web servers and is not applicable to App Engine.

Option B: Creating an App Engine firewall rule that allows access from the customer and employee networks and denies all other traffic is a possible solution. The rule would allow traffic only from the networks used by customers and employees and block everything else. However, firewall rules filter on source IP address rather than on user identity, so this solution may not be practical if the customer and employee networks have dynamic IP addresses or if there are many different networks involved, and the question asks for access from any location.

Option C: Enabling Cloud Identity-Aware Proxy (IAP) and allowing access to a Google Group that contains the customer and employee user accounts is a suitable solution. Cloud IAP allows users to control access to their web applications by verifying user identity and context of the request. By enabling Cloud IAP, the website design company can configure access to the in-progress sites to only allow users who are members of a specific Google Group. This solution provides a more secure and manageable approach to access control and can be easily updated to add or remove users from the Google Group.

Option D: Using Cloud VPN to create a VPN connection between the relevant on-premises networks and the company's GCP Virtual Private Cloud (VPC) network is not a suitable solution for restricting access to the in-progress sites. While a VPN connection can provide secure access to resources on a private network, it is not necessary in this scenario: the customers and employees need to reach the in-progress sites from any location, not only from on-premises networks connected through the VPN.

In conclusion, Option C - Enabling Cloud Identity-Aware Proxy (IAP) and allowing access to a Google Group that contains the customer and employee user accounts is the most suitable solution for restricting access to the in-progress sites.
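The following check is an added example, not part of the original explanation. It audits an IAP access policy to confirm that only the intended Google Group can reach an in-progress site. It assumes the policy has been exported as JSON (for example with `gcloud iap web get-iam-policy --resource-type=app-engine --format=json`); the group address and sample policies are constructed for illustration.

```python
import json

# Role that lets a principal pass through IAP to the protected web app.
ACCESSOR_ROLE = "roles/iap.httpsResourceAccessor"
# Special members that would open the site far beyond the intended group.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_iap_policy(policy_json, allowed_group):
    """Return (kind, member) findings; an empty list means only the group has access."""
    policy = json.loads(policy_json)
    expected = f"group:{allowed_group}".lower()
    findings = []
    group_bound = False
    for binding in policy.get("bindings", []):
        if binding.get("role") != ACCESSOR_ROLE:
            continue  # other roles do not grant access through IAP
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("PUBLIC", member))
            elif member.lower() == expected:
                group_bound = True
            else:
                # Direct grants bypass group membership management.
                findings.append(("EXTRA", member))
    if not group_bound:
        findings.append(("MISSING", expected))
    return findings


# Constructed sample policies (hypothetical group and user addresses).
GOOD_POLICY = json.dumps({"bindings": [
    {"role": ACCESSOR_ROLE, "members": ["group:preview-access@example.com"]},
]})
BAD_POLICY = json.dumps({"bindings": [
    {"role": ACCESSOR_ROLE,
     "members": ["allAuthenticatedUsers", "user:alice@example.com"]},
    {"role": "roles/viewer", "members": ["group:preview-access@example.com"]},
]})

if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_iap_policy(pol, "preview-access@example.com"))
```

Only the bindings present in the exported policy are examined; bindings inherited from a parent resource need the same check at that level.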