Associate Cloud Engineer Exam

Exam Associate Cloud Engineer All QuestionsBrowse all questions from this exam

Question 256

You have deployed an application on a Compute Engine instance. An external consultant needs to access the Linux-based instance. The consultant is connected to your corporate network through a VPN connection, but the consultant has no Google account. What should you do?

Instruct the external consultant to use the gcloud compute ssh command line tool by using Identity-Aware Proxy to access the instance.

Instruct the external consultant to use the gcloud compute ssh command line tool by using the public IP address of the instance to access it.

Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

Instruct the external consultant to generate an SSH key pair, and request the private key from the consultant. Add the private key to the instance yourself, and have the consultant access the instance through SSH with their public key.

Correct Answer: C

To provide access to a Linux-based Compute Engine instance for an external consultant who does not have a Google account but is connected to the corporate network through VPN, you should instruct the consultant to generate an SSH key pair. Request the public key from the consultant, add the public key to the instance yourself, and then have the consultant access the instance through SSH using their private key. This method ensures secure and authenticated access without requiring a Google account.

Discussion

Cynthia2023Option: C

A. Using Identity-Aware Proxy (IAP): While IAP is a secure method of accessing Compute Engine instances, it typically requires a Google account for authentication, which the consultant does not have.

STEVE_PEGLEGOption: A

See responses on question #152 And https://cloud.google.com/iap/docs/external-identities. RE: IAP "This is useful if your application is already using an external authentication system, and migrating your users to Google accounts is impractical"

leoalvarezh

but the consultant is already in the corporate network through VPN, no need an external access

JB28Option: C

The correct answer is **C**. To allow an external consultant to access a Linux-based Compute Engine instance, you should: - Instruct the external consultant to generate an **SSH key pair**. This will result in a public key and a private key. - Request the **public key** from the consultant. The public key can be shared without compromising security. - Add the public key to the instance yourself. This will allow the consultant to authenticate with the Compute Engine instance. - Have the consultant access the instance through SSH with their **private key**. The private key should be kept secret and not shared. The other options (A, B, and D) are not correct because they either require the consultant to have a Google account, expose the instance to the public internet, or involve sharing the private key, which is a security risk.

KelvinTooOption: C

Per ChatGPT, Option C provides a secure and recommended method for granting the external consultant access to the Compute Engine instance using SSH key authentication without the need for a Google account.

YANGGEOption: A

A (IAP) is the solution

shiowbahOption: C

C. Instruct the external consultant to generate an SSH key pair, and request the public key from the consultant. Add the public key to the instance yourself, and have the consultant access the instance through SSH with their private key.

adsdadasdadOption: A

Should be A based on the previous questions

user636Option: A

IMO answer is "A". IAP does not require Google account. There are other authentication methods supported by IAP too. Ref: https://cloud.google.com/iap/docs/authenticate-users-external-identities

ccpmadOption: C

A requires a Google account and the consultant has not. So it is C.