Exam Associate Cloud Engineer topic 1 question 1 discussion

C is correct - https://cloud.google.com/compute/docs/instances/managing-instance-access

Send private key to users is not safe, i think it's C

C is correct

According to Google: OS Login We advise utilizing OS Login in the majority of situations. With the OS Login capability, you can control SSH access to Linux instances using Compute Engine IAM roles. Pro versions of guide from examtopicspro.com are more authentic so By configuring OS Login with two-factor authentication and establishing organization policies, you may control access at the organizational level and add an additional degree of protection.

. Which Kubernetes component would you use to ensure traffic is correctly routed to pods running your application? A. Pod router B. Deployment C. Service D. PersistentIPClaim Cloud anyone please tell me the answer?

Option C is correct because asking each member of the team to generate a new SSH key pair and to add the public key to their Google account allows the security team to manage the deployment of credentials efficiently. It also allows the security team to determine who accessed a given instance because the public key is associated with the Google account of the user. Granting the "compute.osAdminLogin" role to the Google group corresponding to this team ensures that all members of the team have administrative access to the servers.

C is correct In this scenario, granting the "compute.osAdminLogin" role to a Google group corresponding to the operational team would be the best option. This role would provide each team member with administrative access to instances, and by adding their public key to their Google account, they can use it to authenticate their access to instances without the need for a separate key management system. Additionally, the security team's requirement for auditing access can be met by using Cloud Audit Logging to log all access to the instances.

Avoiding the other options: Distributing a single private key to multiple members is not a best practice as it doesn't provide individual accountability. Manually deploying public keys on each instance using a configuration management tool can be cumbersome and doesn't provide the flexibility and integration that Google's IAM provides. By following the recommended approach, the organization can maintain a secure, traceable, and efficient method for managing access to Compute Engine instances.

C is the most appropriate. In this option, each team member generates their own SSH key pair and adds the public key to their Google account. By granting the `compute.osAdminLogin` role to the corresponding Google group for this team, security is enhanced, and operational efficiency is improved. This setup also allows precise tracking of which member accessed which instance.

Best Choice: C Option C is the best approach because it uses Google Cloud IAM roles to control access, integrates with Google accounts for individual credential management, and supports efficient auditing and access tracking. Each user will have their own SSH key, and their actions can be traced through IAM logs, providing both security and accountability.

There is something which you must know. NEVER SHARE PRIVATE KEY.

Why in the world would I give the private key to each member of my team. The answer is C

D https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys

C is correct

C is Correct

C is correct

Because they need administrative access only on the machines