Google Cloud Professional Cloud Security Engineer Practice Exam

Which GCP product should be used to provide a two-factor authentication layer for a CRM accessed over the internet?

• A. Google Cloud Identity Platform
• B. Cloud Identity-Aware Proxy
• C. Cloud Pub/Sub
• D. Firebase Authentication

The correct answer is: Cloud Identity-Aware Proxy

The recommended choice for providing a two-factor authentication layer for a customer relationship management (CRM) system accessed over the internet is the Cloud Identity-Aware Proxy. This service enables secure access to applications running on Google Cloud by enforcing authentication and authorization policies based on the identity of users and the context of their access. Using Cloud Identity-Aware Proxy, you can configure rules that require users to verify their identity through various authentication methods, including two-factor authentication (2FA). This layer of security greatly enhances the protection of sensitive data and applications by ensuring only authenticated and authorized users can access the CRM. Additionally, while other options also cater to authentication and security, Cloud Identity-Aware Proxy specifically focuses on managing user access to applications in a cloud environment based on their identity and access context. This focus makes it particularly suitable for scenarios where 2FA is needed, especially for web-based applications. The remaining options, such as Google Cloud Identity Platform, primarily facilitate user account management and identity services but may not handle direct application access controls as effectively as the Proxy. Firebase Authentication is often utilized for mobile and web app authentication but is tailored towards application development frameworks rather than enterprise-level application access management. Cloud Pub/Sub, on the other hand, is primarily a messaging service