Medium · 1 mark · Multiple Choice

GCP ACE · Question 21 · Domain 3.1: Deploying and implementing Compute Engine resources

An external contractor needs SSH access to a specific Compute Engine instance named 'db-admin-vm' to perform maintenance. You do not want to grant them IAM access to the Google Cloud project.

How should you provide them access?

Answer options:

A. Grant the contractor the roles/compute.osLogin role on the project.

B. Ask the contractor for their public SSH key and add it to the project-level metadata.

C. Ask the contractor for their public SSH key and add it to the metadata of the 'db-admin-vm' instance.

D. Create a service account, download the JSON key, and send it to the contractor.

How to approach this question

Determine how to grant SSH access without IAM. Adding SSH keys to metadata is the traditional way. Make sure the key is applied at the instance level, not the project level, so that access is restricted to one VM.

Full Answer

C. Ask the contractor for their public SSH key and add it to the metadata of the 'db-admin-vm' instance. ✓ Correct

If you need to grant SSH access to a specific VM without granting IAM permissions (which OS Login requires), you can manage SSH keys manually via metadata. To restrict access to only the 'db-admin-vm', you must add the contractor's public SSH key to the instance-level metadata of that specific VM. Adding it to project-level metadata would grant access to other VMs in the project.

Common mistakes

Choosing project-level metadata, which grants too much access, or choosing OS Login, which requires IAM permissions.
