ExpertGCP ACE · Question 21 · Domain 3.1: Deploying and implementing Compute Engine resources
Your security team requires that SSH access to Compute Engine instances be managed centrally using IAM roles. They want to ensure that when an employee leaves the company, their SSH access is automatically revoked when their Google Workspace account is suspended. They also want to disable project-wide SSH keys.
Which TWO actions should you take? (Select TWO)
Your security team requires that SSH access to Compute Engine instances be managed centrally using IAM roles. They want to ensure that when an employee leaves the company, their SSH access is automatically revoked when their Google Workspace account is suspended. They also want to disable project-wide SSH keys.
Which TWO actions should you take? (Select TWO)
Answer options:
Enable OS Login at the project or instance level
Grant the roles/compute.osLogin or roles/compute.osAdminLogin role to authorized users
Add the users' public SSH keys to the project metadata
Distribute private SSH keys to users via a secure Cloud Storage bucket
Use Cloud IAP (Identity-Aware Proxy) without enabling OS Login
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Associate Cloud Engineer Practice Exam 5
50 questions · hints · full answers · grading