Q: 13
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy.

What should the customer do to meet these requirements?
Options
Discussion
Option A
I get why B looks tempting since those headers seem unique, but they're easy to spoof. A is safer here.
Option A makes sense here since only cryptographically verifying the JWT assertion really proves traffic is from IAP. Headers like in B or D are too easy to spoof. Pretty sure it's A, unless I'm missing something subtle.
A tbh
C is not right, A is what you want here. Official guide covers this IAP JWT validation topic in the security chapter.
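The discussion above turns on one point: the backend must cryptographically verify the JWT that IAP attaches to each proxied request (the `x-goog-iap-jwt-assertion` header) rather than trust the plain `X-Goog-Authenticated-User-*` headers, which anyone who can reach the VM directly can set. The following is an added example, not code from the exam question or from Google; it shows the claim checks a backend should perform (pinned `alg`, issuer `https://cloud.google.com/iap`, the backend service audience of the form `/projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID`, `exp` and `iat`). The signature step is injected as a callback: in production it is an ES256 verification against the keys IAP publishes at `https://www.gstatic.com/iap/verify/public_key` (for example via `google.oauth2.id_token.verify_token` with that `certs_url`); here a constructed HMAC stand-in with a demo secret replaces it so the block runs offline with only the standard library. The audience, key id, email and timestamps are constructed demo values.

```python
"""Validate the IAP-signed JWT on an incoming request instead of trusting the
X-Goog-Authenticated-User-* headers. Added example; not from the exam question
or any official guide."""
import base64
import hashlib
import hmac
import json
import time

IAP_ISSUER = "https://cloud.google.com/iap"
IAP_JWT_HEADER = "x-goog-iap-jwt-assertion"  # header IAP adds to proxied requests
CLOCK_SKEW_SECONDS = 30


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def validate_iap_jwt(token, expected_audience, verify_signature, now=None):
    """Return the verified claims or raise ValueError.

    verify_signature(kid, signing_input, signature) -> bool must perform the
    ES256 check against IAP's published public keys (selected by 'kid'). It is
    injected so the claim logic can be exercised offline.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers base64, UTF-8 and JSON decode errors
        raise ValueError("malformed token")
    # Pin the algorithm IAP uses; never let the token choose (e.g. alg=none).
    if header.get("alg") != "ES256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    if not verify_signature(header.get("kid"), signing_input, signature):
        raise ValueError("bad signature")
    if claims.get("iss") != IAP_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != expected_audience:
        raise ValueError("wrong audience")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or exp < now - CLOCK_SKEW_SECONDS:
        raise ValueError("token expired")
    if not isinstance(iat, (int, float)) or iat > now + CLOCK_SKEW_SECONDS:
        raise ValueError("token issued in the future")
    return claims


def authenticate_request(headers, expected_audience, verify_signature, now=None):
    """Return the verified user email, or None if the request did not come
    through IAP. Header names are lower-cased because frameworks differ in case.
    Note that X-Goog-Authenticated-User-Email is deliberately never consulted."""
    lowered = {k.lower(): v for k, v in headers.items()}
    token = lowered.get(IAP_JWT_HEADER)
    if not token:
        return None
    try:
        claims = validate_iap_jwt(token, expected_audience, verify_signature, now)
    except ValueError:
        return None
    return claims.get("email")


# ---- constructed demo material (not real IAP keys, audiences or tokens) ----
DEMO_AUDIENCE = "/projects/123456789/global/backendServices/987654321"
_DEMO_SECRET = b"demo-only-secret"  # stand-in for IAP's ES256 key pair
DEMO_NOW = 1_700_000_000


def demo_verify_signature(kid, signing_input, signature):
    # Stand-in: HMAC under a local secret instead of ES256 against IAP's public
    # key, so the example runs offline. Production code must do the real check.
    expected = hmac.new(_DEMO_SECRET, signing_input, hashlib.sha256).digest()
    return kid == "demo-kid" and hmac.compare_digest(expected, signature)


def make_demo_token(claims, alg="ES256"):
    """Mint a token the demo verifier accepts (signature is the HMAC stand-in)."""
    header = _b64url_encode(json.dumps({"alg": alg, "kid": "demo-kid", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(_DEMO_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def demo_good_claims():
    return {"iss": IAP_ISSUER, "aud": DEMO_AUDIENCE, "email": "alice@example.com",
            "sub": "accounts.google.com:1", "iat": DEMO_NOW - 10, "exp": DEMO_NOW + 600}


if __name__ == "__main__":
    good = {IAP_JWT_HEADER: make_demo_token(demo_good_claims())}
    spoofed = {"X-Goog-Authenticated-User-Email": "accounts.google.com:admin@example.com"}
    print("IAP request  ->", authenticate_request(good, DEMO_AUDIENCE, demo_verify_signature, DEMO_NOW))
    print("direct hit   ->", authenticate_request(spoofed, DEMO_AUDIENCE, demo_verify_signature, DEMO_NOW))
```

The defensive value is in what `authenticate_request` refuses: a request that carries only the forwarded identity header, a token whose `aud` belongs to a different backend service, an expired token, a token whose `alg` was changed, and a payload spliced onto another token's signature all come back as `None`. Pair this with a firewall rule that admits only IAP's proxy source range so that direct traffic is dropped before it reaches the application.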