GCP Professional Cloud Security Engineer Practice Question
A global manufacturer is rolling out mandatory 2-Step Verification across its Cloud Identity domain.
Cohort 1: Production-floor operators work in shielded warehouses where personal mobile phones are banned and outbound network traffic is tightly restricted. IT can physically distribute and replace credentials but needs a phishing-resistant factor that does not rely on network connectivity during sign-in.
Cohort 2: Field engineers carry company-managed Android and iOS phones that frequently lose data coverage yet still need to authenticate while offline. Which combination of Google-supported second factors best satisfies the security and operational requirements for Cohort 1 and Cohort 2 respectively?
FIDO U2F security keys for Cohort 1; Google prompt for Cohort 2
Backup codes for Cohort 1; Voice call verification for Cohort 2
Google prompt for Cohort 1; SMS verification codes for Cohort 2
Titan (FIDO2) security keys for Cohort 1; Google Authenticator TOTP codes for Cohort 2
Titan (or other FIDO-compliant) security keys provide a hardware-based, phishing-resistant factor that can be physically issued and replaced by IT and work without network connectivity, meeting Cohort 1's constraints. Time-based one-time passwords generated locally by Google Authenticator operate entirely offline on both Android and iOS devices, allowing Cohort 2 engineers to sign in even when they lack data service. Google prompts, SMS, or voice codes all require network connectivity, and backup codes lack strong phishing resistance, so they do not satisfy the stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a FIDO2 security key?
Open an interactive chat with Bash
How does Google Authenticator work?
Open an interactive chat with Bash
Why is phishing resistance important for authentication methods?
Open an interactive chat with Bash
What are FIDO2 security keys and how do they provide phishing resistance?
Open an interactive chat with Bash
How does Google Authenticator generate TOTP codes, and why is it suitable for offline authentication?
Open an interactive chat with Bash
What makes backup codes and Google prompts less suitable in this scenario?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .