Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Exam Associate Cloud Engineer Topic 4 Question 95 Discussion

Actual exam question for Google's Associate Cloud Engineer exam
Question #: 95
Topic #: 4
[All Associate Cloud Engineer Questions]

You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: C

The best option is to instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Then, add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key. This way, you can grant the consultant access to the instance without requiring a Google account or exposing the instance's public IP address.This option also follows the best practice of using user-managed SSH keys instead of service account keys for SSH access1.

Option A is not feasible because the external consultant does not have a Google account, and therefore cannot use Identity-Aware Proxy (IAP) to access the instance.IAP requires the user to authenticate with a Google account and have the appropriate IAM permissions to access the instance2. Option B is not secure because it exposes the instance's public IP address, which can increase the risk of unauthorized access or attacks. Option D is not correct because it reverses the roles of the public and private keys. The public key should be added to the instance, and the private key should be kept by the consultant.Sharing the private key with anyone else can compromise the security of the SSH connection3.


1: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

2: https://cloud.google.com/iap/docs/using-tcp-forwarding

3: https://cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances

by Floyd at Sep 17, 2024, 12:11 PM

Limited Time Offer

25%

Off

Get Premium Associate Cloud Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Marleen
6 months ago
Haha, imagine the consultant trying to use the gcloud tool without a Google account? That's just asking for trouble. C is the clear winner here.
upvoted 0 times
Nakisha
6 months ago
Using SSH key pair with option C is the best choice for the consultant to access the Linux-based instance securely.
upvoted 0 times
...
Huey
6 months ago
Agreed, C is the most secure option for adding the consultant's SSH key to the instance.
upvoted 0 times
...
Bettina
6 months ago
Yeah, definitely don't want the consultant to struggle with gcloud without a Google account. C is the way to go.
upvoted 0 times
...
...
Tamekia
6 months ago
Hmm, I'm not sure about giving the consultant direct access to the instance's public IP. Option B feels a bit risky to me. C is the safer bet.
upvoted 0 times
Macy
6 months ago
It's important to prioritize security when granting access to external consultants.
upvoted 0 times
...
Arlette
6 months ago
Using SSH key pairs with option C is definitely a safer approach.
upvoted 0 times
...
Felicidad
6 months ago
I agree, giving direct access through the public IP does seem risky.
upvoted 0 times
...
...
Alpha
7 months ago
I agree with Pearline. Option C is the best choice here. The consultant doesn't need a Google account, and the SSH key pair is a simple solution.
upvoted 0 times
Eugene
6 months ago
Definitely. It's a straightforward solution for granting access to the Linux-based instance.
upvoted 0 times
...
My
6 months ago
Agreed. It's the most efficient way to grant access to the consultant.
upvoted 0 times
...
Lauran
6 months ago
I think so too. It's the most secure option as well.
upvoted 0 times
...
Olive
6 months ago
Option C is definitely the way to go. It's simple and doesn't require a Google account.
upvoted 0 times
...
...
Venita
7 months ago
That's a good point, Jaleesa. Convenience is important too. It really depends on the specific needs of the consultant.
upvoted 0 times
...
Jaleesa
7 months ago
I disagree, I believe option A is more convenient. Using Identity-Aware Proxy with gcloud compute ssh is easier for the consultant.
upvoted 0 times
...
Pearline
7 months ago
Option C is the way to go. The consultant can generate an SSH key pair, and you can add the public key to the instance. Secure and straightforward.
upvoted 0 times
Kimberlie
6 months ago
Exactly, it's a simple and secure solution for the consultant to access the instance.
upvoted 0 times
...
Nancey
6 months ago
Then you can add the public key to the instance yourself.
upvoted 0 times
...
Jeanice
6 months ago
I agree, having the consultant generate an SSH key pair is the way to go.
upvoted 0 times
...
Theron
7 months ago
Option C is the best choice. It's secure and easy.
upvoted 0 times
...
...
Venita
7 months ago
I think option C is the best choice. It's secure and allows the consultant to access the instance with their private key.
upvoted 0 times
...

Save Cancel