Google Associate Cloud Engineer Exam - Topic 3 Question 21 Discussion

Actual exam question for Google's Associate Cloud Engineer exam

Question #: 21
Topic #: 3

[All Associate Cloud Engineer Questions]

Your company runs its Linux workloads on Compute Engine instances. Your company will be working with a new operations partner that does not use Google Accounts. You need to grant access to the instances to your operations partner so they can maintain the installed tooling. What should you do?

AEnable Cloud IAP for the Compute Engine instances, and add the operations partner as a Cloud IAP Tunnel User.

BTag all the instances with the same network tag. Create a firewall rule in the VPC to grant TCP access on port 22 for traffic from the operations partner to instances with the network tag.

CSet up Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.

DAsk the operations partner to generate SSH key pairs, and add the public keys to the VM instances.

Show Suggested Answer

Suggested Answer: B

https://cloud.google.com/vpc/docs/firewalls

by Lavera at May 06, 2022, 09:23 PM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Christiane

4 months ago

Wait, can they really access everything with just SSH keys? Sounds risky!

upvoted 0 times

...

Jody

4 months ago

I think A is better for security with IAP.

upvoted 0 times

...

Pa

4 months ago

But what if they lose their keys? That could be a hassle.

upvoted 0 times

...

Skye

4 months ago

I agree with D, it's a common practice for granting access.

upvoted 0 times

...

Paulene

5 months ago

Option D seems the most straightforward. Just add their SSH keys.

upvoted 0 times

...

Vincenza

5 months ago

Setting up a Cloud VPN seems like overkill for just granting access, but I guess it could be useful if they need more than just SSH.

upvoted 0 times

...

Janet

5 months ago

The firewall rule option sounds familiar from practice questions, but I wonder if it’s secure enough for our operations partner.

upvoted 0 times

...

Joseph

5 months ago

I think enabling Cloud IAP could be a good choice since it allows access without needing Google Accounts, but I need to double-check how that works.

upvoted 0 times

...

Sunny

5 months ago

I remember something about using SSH keys for access, but I'm not sure if that's the best option here.

upvoted 0 times

...

Renea

5 months ago

Wait, what's the difference between SCSI and IDE/SATA drives again? I'm a bit confused on the file naming scheme.

upvoted 0 times

...

Lonny

5 months ago

I'm a bit confused by the wording of the question. Does it want us to identify the URLs for the test and staging instances, or the URLs that the testing team currently has access to? I'll need to re-read this carefully.

upvoted 0 times

...

Hyun

5 months ago

I think the key here is to focus on the ISP's perspective. A hard bounce is likely to be the most indicative of their view of the sender's reputation, so I'm going to go with that.

upvoted 0 times

...

Vincent

5 months ago

Hmm, I'm a bit unsure about this one. I know the Sun One Directory Server is an LDAP directory, but I'm not familiar with the specific user names and permissions required for GVP. I'll need to think this through carefully.

upvoted 0 times

...

Adrianna

5 months ago

I've seen a practice question similar to this, and I think DataV should support CSV and JSON, right? Those are common formats.

upvoted 0 times

...

Terrilyn

5 months ago

Hmm, I'm a bit unsure about this one. There are a few different options, and I want to make sure I understand the details of each one before selecting an answer.

upvoted 0 times

...