Medium · 1 mark · Multiple Choice
GCP ACE · Question 20 · Domain 3.1: Deploying and implementing Compute Engine resources
A third-party contractor needs SSH access to a specific Compute Engine instance named 'db-admin-vm'. You do not want to grant them IAM access to the Google Cloud project. You have their public SSH key.
How should you grant them access to this specific VM?
Answer options:
A. Add their public SSH key to the project-level metadata.
B. Add their public SSH key to the custom metadata of the 'db-admin-vm' instance.
C. Create a local user account on the VM using a startup script.
D. Grant them the 'Compute OS Login' IAM role on the specific instance.
How to approach this question
Differentiate between project-level and instance-level SSH keys in GCP.
Full Answer
B. Add their public SSH key to the custom metadata of the 'db-admin-vm' instance. ✓ Correct
In Google Cloud, you can manage SSH keys via metadata. If you add a public SSH key to project-level metadata, the user gets access to all VMs in the project. To restrict access to a single VM, you add the public key directly to that specific instance's metadata.
Common mistakes
Choosing project-level metadata, which is a massive security risk if the user only needs access to one machine.