Easy · Multiple choice · Objective-mapped

GCDL Practice Question: A company's security team wants to ensure that…

This GCDL practice question tests your understanding of how Google Cloud enforces device-level access requirements. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, read the full explanation and wrong-answer breakdown below to compare your reasoning and understand why each distractor is designed to mislead on exam day.

A company's security team wants to ensure that only approved corporate devices can access Google Cloud resources, regardless of whether the user has valid credentials. Which Google Cloud security capability enforces device-level access requirements?

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

A

Distractor review

Cloud Armor, which filters incoming requests based on IP allowlists and denylists

Cloud Armor provides DDoS protection and WAF capabilities at the network/application layer. It filters based on IP addresses and request attributes, not device management status or device security posture.

B

Best answer

Access Context Manager, which enforces device-level access requirements as part of context-aware access control policies

Access Context Manager is precisely the service for this. It allows security teams to define access levels (policies) that include device attribute requirements — managed/enrolled devices, disk encryption, screen lock. These conditions must be met in addition to valid credentials for access to be granted.

C

Distractor review

Identity-Aware Proxy (IAP), which provides application-level authentication but without device checks

IAP provides application-level identity-based access control. It can integrate with Access Context Manager for device checks, but IAP alone (without Access Context Manager) does not enforce device security posture requirements.

D

Distractor review

VPC Service Controls, which restrict access to Google APIs based on network perimeter membership

VPC Service Controls define network-level perimeters around Google Cloud resources. They restrict access based on network (project/VPN membership), not individual device security attributes.

Common exam trap: ACLs stop at the first match

ACLs are processed top to bottom. The first matching entry wins, and an implicit deny usually exists at the end.

Technical deep dive

How to think about this question

ACL questions test precision: source, destination, protocol, port and direction. A generally correct ACL can still fail if it is applied on the wrong interface or in the wrong direction.

Key Concepts to Remember

  • Standard ACLs match source addresses.
  • Extended ACLs can match source, destination, protocol and ports.
  • The first matching ACL entry is used.
  • There is usually an implicit deny at the end.

Exam Day Tips

  • Check inbound versus outbound direction.
  • Read the ACL from top to bottom.
  • Look for a broader permit or deny above the intended line.

Key takeaway

ACLs process entries top to bottom and stop at the first match. Entry order and interface direction matter as much as the permit or deny statement.

FAQ

Questions learners often ask

What does this GCDL question test?

Standard ACLs match source addresses.

What is the correct answer to this question?

The correct answer is: Access Context Manager, which enforces device-level access requirements as part of context-aware access control policies — Access Context Manager enables context-aware access policies based on device attributes (managed status, screen lock, disk encryption, OS version), user identity, and network location. It is used within BeyondCorp Enterprise (Google's zero trust implementation) to ensure that even users with valid credentials are denied access if their device doesn't meet security requirements.

What should I do if I get this GCDL question wrong?

Review ACL processing order, placement rules (standard near destination, extended near source), and inbound vs outbound direction. Study wildcard masks and implicit deny. Then practise related GCDL ACL questions on filtering logic and placement.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.
