As a cloud architect, you have to secure access to Cloud Storage buckets. The client demands that only devices enrolled in their Endpoint Management solution should have access. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Use Cloud Identity-Aware Proxy (IAP) with device policy.
Why this is the answer
*Explanation:* To secure access to Cloud Storage buckets and fulfill the requirement of allowing only devices enrolled in the client's Endpoint Management solution, the best approach is to **use Cloud Identity-Aware Proxy (IAP) with a device policy**. IAP provides fine-grained access control and can enforce device policies to restrict access effectively. Other options like VPC Service Controls (which isolate services but don't handle device policies), Google Workspace device management policies (not directly related to Cloud Storage), using Bucket Policies with IP range restrictions (which don't validate device enrollment), and implementing a Cloud Endpoint with custom authentication logic (which would require custom development and may not ensure device compliance) are not as suitable for this specific use case.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed