Domain 3.1: Deploying and implementing Compute Engine resources — GCP ACE Practice Question 20

How to approach this question

Differentiate between project-level and instance-level SSH keys in GCP.

Full Answer

B.Add their public SSH key to the custom metadata of the 'db-admin-vm' instance.✓ Correct

In Google Cloud, you can manage SSH keys via metadata. If you add a public SSH key to project-level metadata, the user gets access to all VMs in the project. To restrict access to a single VM, you add the public key directly to that specific instance's metadata.

Common mistakes

Choosing project-level metadata, which is a massive security risk if the user only needs access to one machine.

A third-party contractor needs SSH access to a specific Compute Engine instance named 'db-admin-vm'. You do not want to grant them IAM access to the Google Cloud project. You have their public SSH key.

How should you grant them access to this specific VM?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 7

More questions from this exam

A third-party contractor needs SSH access to a specific Compute Engine instance named 'db-admin-vm'. You do not want to grant them IAM access to the Google Cloud project. You have their public SSH key. How should you grant them access to this specific VM?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 7

More questions from this exam

A third-party contractor needs SSH access to a specific Compute Engine instance named 'db-admin-vm'. You do not want to grant them IAM access to the Google Cloud project. You have their public SSH key.

How should you grant them access to this specific VM?