For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice GCP Professional Cloud Architect GCP Professional Cloud Architect Practice Exam 2Question 29

Medium1 markMultiple Choice

Domain 3: Designing for Security and ComplianceSecurityIAPZero Trust

GCP PCA · Question 29 · Domain 3: Designing for Security and Compliance

Your company wants to allow remote employees to access an internal web application hosted on Compute Engine without using a traditional VPN. How should you secure this access?

Answer options:

A.

Open port 80 to the internet.

B.

Implement Identity-Aware Proxy (IAP).

C.

Use Cloud NAT.

D.

Configure VPC Service Controls.

How to approach this question

Identify GCP's zero-trust remote access solution.

Full Answer

B.Implement Identity-Aware Proxy (IAP).✓ Correct

Identity-Aware Proxy (IAP) establishes a central authorization layer for applications accessed by HTTPS, enabling a zero-trust model without VPNs.

Common mistakes

Confusing IAP with VPC Service Controls.

Question 28 All questions Question 30

Practice the full GCP Professional Cloud Architect Practice Exam 2

50 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q02CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q03CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Hard Q04CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Medium Q05CASE STUDY: TechStream Gaming. 500 emp, $100M rev. On-prem US/EU, 200 servers, MySQL 5TB. 2M peak...Easy

View all 50 questions →