ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 119 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 119
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You are a member of your company's security team. You have been asked to reduce your Linux bastion host external attack surface by removing all public IP addresses. Site Reliability Engineers (SREs) require access to the bastion host from public locations so they can access the internal VPC while off-site. How should you enable this access?

  • A. Implement Cloud VPN for the region where the bastion host lives.
  • B. Implement OS Login with 2-step verification for the bastion host.
  • C. Implement Identity-Aware Proxy TCP forwarding for the bastion host.
  • D. Implement Google Cloud Armor in front of the bastion host.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by mT3 at May 22, 2022, 11:42 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mikesp
Highly Voted 2 years ago
Selected Answer: C
The answer is clear in this case.
upvoted 6 times
...
Xoxoo
Most Recent 9 months ago
Selected Answer: C
To enable access to the bastion host from public locations while reducing the Linux bastion host external attack surface by removing all public IP addresses, you should implement Identity-Aware Proxy TCP forwarding for the bastion host. This will allow Site Reliability Engineers (SREs) to access the internal VPC while off-site. Identity-Aware Proxy TCP forwarding allows you to securely access TCP-based applications such as SSH and RDP without exposing them to the internet. It provides a secure way to access your applications by verifying user identity and context of the request before granting access. By implementing Identity-Aware Proxy TCP forwarding for the bastion host, you can ensure that only authorized users can access the internal VPC while off-site, reducing the risk of unauthorized access and data breaches.
upvoted 3 times
...
bruh_1
1 year, 2 months ago
C is correct
upvoted 1 times
...
AzureDP900
1 year, 7 months ago
C. Implement Identity-Aware Proxy TCP forwarding for the bastion host.
upvoted 2 times
...
mT3
2 years ago
Selected Answer: C
Correct. Ref.https://cloud.google.com/architecture/building-internet-connectivity-for-private-vms#configuring_iap_tunnels_for_interacting_with_instances
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel