Topic 1 Question 8
A customer implements Cloud Identity-Aware Proxy for their ERP system hosted on Compute Engine. Their security team wants to add a security layer so that the ERP systems only accept traffic from Cloud Identity-Aware Proxy. What should the customer do to meet these requirements?
Make sure that the ERP system can validate the JWT assertion in the HTTP requests.
Make sure that the ERP system can validate the identity headers in the HTTP requests.
Make sure that the ERP system can validate the x-forwarded-for headers in the HTTP requests.
Make sure that the ERP system can validate the user's unique identifier headers in the HTTP requests.
ユーザの投票
コメント(11)
A is right see : https://cloud.google.com/iap/docs/signed-headers-howto
👍 16ArizonaClassics2020/08/01Use Cryptographic Verification If there is a risk of IAP being turned off or bypassed, your app can check to make sure the identity information it receives is valid. This uses a third web request header added by IAP, called X-Goog-IAP-JWT-Assertion. The value of the header is a cryptographically signed object that also contains the user identity data. Your application can verify the digital signature and use the data provided in this object to be certain that it was provided by IAP without alteration.
So answer is A
👍 11bolu2021/01/24Ans is A
👍 4KILLMAD2020/03/09
シャッフルモード