Google Cloud Professional Cloud Security Engineer Practice Exam


How can you provide public access to a Linux bastion host without exposing it to external threats?

  1. Attach a static public IP to the bastion host

  2. Implement Cloud Identity Access Management

  3. Use Identity-Aware Proxy TCP forwarding

  4. Enable two-factor authentication

The correct answer is: Use Identity-Aware Proxy TCP forwarding

Using Identity-Aware Proxy (IAP) for TCP forwarding is an effective way to provide secure public access to a Linux bastion host while minimizing exposure to external threats. IAP allows you to control and manage access to applications running on your cloud-hosted resources without needing to assign a fixed public IP address to those resources. This approach ensures that the bastion host is not directly exposed to the internet, as the traffic is routed through Google’s infrastructure, which adds an extra layer of security. Users must authenticate via Google identity, ensuring that only those with the correct permissions can access the bastion host. Additionally, by leveraging IAP, access can be restricted based on user roles and attributes, enhancing security even further.

Implementing IAP is particularly beneficial because it reduces the attack surface compared to other methods that may leave ports open to the internet. It integrates with existing Google Cloud IAM policies, ensuring centralized management of user permissions. As a result, this method effectively combines ease of use with robust security measures, making it a preferred choice for managing access to a bastion host in the cloud.