Associate Cloud Engineer Exam QuestionsBrowse all questions from this exam

Associate Cloud Engineer Exam - Question 256


You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?

Show Answer
Correct Answer: C

To provide access to a Linux-based Compute Engine instance for an external consultant who does not have a Google account but is connected to the corporate network through VPN, you should instruct the consultant to generate an SSH key pair. Request the public key from the consultant, add the public key to the instance yourself, and then have the consultant access the instance through SSH using their private key. This method ensures secure and authenticated access without requiring a Google account.

Discussion

9 comments
Sign in to comment
Cynthia2023Option: C
Jan 3, 2024

A. Using Identity-Aware Proxy (IAP): While IAP is a secure method of accessing Compute Engine instances, it typically requires a Google account for authentication, which the consultant does not have.

KelvinTooOption: C
Dec 31, 2023

Per ChatGPT, Option C provides a secure and recommended method for granting the external consultant access to the Compute Engine instance using SSH key authentication without the need for a Google account.

JB28Option: C
Jan 14, 2024

The correct answer is **C**. To allow an external consultant to access a Linux-based Compute Engine instance, you should: - Instruct the external consultant to generate an **SSH key pair**. This will result in a public key and a private key. - Request the **public key** from the consultant. The public key can be shared without compromising security. - Add the public key to the instance yourself. This will allow the consultant to authenticate with the Compute Engine instance. - Have the consultant access the instance through SSH with their **private key**. The private key should be kept secret and not shared. The other options (A, B, and D) are not correct because they either require the consultant to have a Google account, expose the instance to the public internet, or involve sharing the private key, which is a security risk.

STEVE_PEGLEGOption: A
Feb 1, 2024

See responses on question #152 And https://cloud.google.com/iap/docs/external-identities. RE: IAP "This is useful if your application is already using an external authentication system, and migrating your users to Google accounts is impractical"

leoalvarezh
Feb 17, 2024

but the consultant is already in the corporate network through VPN, no need an external access

shiowbahOption: C
Dec 30, 2023

C. Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

YANGGEOption: A
Jan 28, 2024

A (IAP) is the solution

adsdadasdadOption: A
Apr 29, 2024

Should be A based on the previous questions

ccpmadOption: C
May 19, 2024

A requires a Google account and the consultant has not. So it is C.

user636Option: A
Jul 21, 2024

IMO answer is "A". IAP does not require Google account. There are other authentication methods supported by IAP too. Ref: https://cloud.google.com/iap/docs/authenticate-users-external-identities