Google Cloud Professional Cloud Security Engineer Practice Exam

What solution should be implemented to restrict access to in-progress websites hosted on App Engine?

• A. Enable HTTP Basic Authentication
• B. Use Google Cloud CDN
• C. Enable Cloud Identity-Aware Proxy (IAP)
• D. Restrict access with Cloud Armor

The correct answer is: Enable Cloud Identity-Aware Proxy (IAP)

To restrict access to in-progress websites hosted on App Engine, implementing Cloud Identity-Aware Proxy (IAP) is an effective solution. IAP provides a way to manage access to your web applications by verifying the identity of users before they can access your App Engine service. This means that only authorized users, such as developers or internal team members, can access the application while it's still under development or testing, while external users are blocked from reaching the site. IAP accomplishes this by implementing authentication and authorization layers. It supports various identity providers, and by leveraging these capabilities, you can create finely-tuned access controls that only allow certain users or groups to interact with your application. This is particularly useful for in-progress websites, where exposing them to general public access could lead to data leaks, misuse, or unauthorized access to features that are not yet fully functional. In contrast, other options like enabling HTTP Basic Authentication provides a very basic level of access control that may not integrate smoothly with modern identity management systems or allow for detailed user access control. Using Google Cloud CDN focuses on content delivery and does not restrict access, while Cloud Armor is primarily aimed at protecting against DDoS attacks and managing traffic based on security rules, rather than specific user access control for