A customer wants to make it convenient for their mobile workforce to access a CRM web interface that is hosted on Google Cloud Platform (GCP)
The CRM can only be accessed by someone on the corporate network.
The customer wants to make it available over the internet.
Your team requires an authentication layer in front of the application that supports two-factor authentication Which GCP product should the customer implement to meet these requirements?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The GCP product that the customer should implement to meet the requirements of an authentication layer that supports two-factor authentication is Cloud Identity-Aware Proxy (Option A).
Cloud Identity-Aware Proxy (IAP) is a GCP service that enables organizations to provide secure access to web applications hosted on GCP to their employees, partners, and customers. Cloud IAP provides a central authorization layer that enables administrators to control access to web applications based on user identity and context.
Cloud IAP is a suitable choice for this scenario because it provides the following benefits:
Access control: Cloud IAP provides granular access controls that allow organizations to restrict access to web applications based on user identity and context. This makes it easy to provide access to only the authorized users.
Two-factor authentication: Cloud IAP supports two-factor authentication using security keys, Google Authenticator, or other authentication apps. This ensures that only authorized users with proper authentication credentials can access the web application.
Integration with GCP services: Cloud IAP integrates with other GCP services, such as Google Cloud Load Balancing and Cloud CDN, to provide a complete solution for securing web applications.
Cloud Armor (Option B) is a DDoS and application defense service that provides an additional layer of protection against threats such as DDoS attacks and web attacks. While it can provide some level of access control, it does not support two-factor authentication.
Cloud Endpoints (Option C) is a distributed API management service that provides developers with a framework to build, deploy, protect, and monitor APIs running on GCP. While it can provide some level of access control, it does not support two-factor authentication.
Cloud VPN (Option D) is a service that provides a secure and encrypted connection between on-premises networks and GCP. It does not provide an authentication layer for web applications hosted on GCP.