Exam Associate Cloud Engineer topic 1 question 1 discussion

C is correct - https://cloud.google.com/compute/docs/instances/managing-instance-access

Send private key to users is not safe, i think it's C

Each team member must generate a new SSH key pair and add the public key to their Google account. Grant the "compute.osAdminLogin" role to the corresponding Google group for this team.

C is correct

Satisfies both the requirements a) providing Admin access & b) identifying who accessed the VM.

c is correct because you should never give your private keys

I have taken GCP ACE exam today morning and also cleared exam. Below are my suggestions and observations. 1. Almost 75-80% questions were from these exams (ExamTopics). 2. You will get same options as like this forum. 3. If your concepts are clear and if you have done good practice on these questions, you will be able to clear exam. 4. Please read question and options carefully, lot of questions are having almost same answer with some twist. 5. so what is required from question, and what options are available? eliminate groups on the basis of logic and words and try to get correct answer on the basis of your functional knowledge. Best luck

C is correct

. Which Kubernetes component would you use to ensure traffic is correctly routed to pods running your application? A. Pod router B. Deployment C. Service D. PersistentIPClaim Cloud anyone please tell me the answer?

Option C is correct because asking each member of the team to generate a new SSH key pair and to add the public key to their Google account allows the security team to manage the deployment of credentials efficiently. It also allows the security team to determine who accessed a given instance because the public key is associated with the Google account of the user. Granting the "compute.osAdminLogin" role to the Google group corresponding to this team ensures that all members of the team have administrative access to the servers.

C is correct In this scenario, granting the "compute.osAdminLogin" role to a Google group corresponding to the operational team would be the best option. This role would provide each team member with administrative access to instances, and by adding their public key to their Google account, they can use it to authenticate their access to instances without the need for a separate key management system. Additionally, the security team's requirement for auditing access can be met by using Cloud Audit Logging to log all access to the instances.

Avoiding the other options: Distributing a single private key to multiple members is not a best practice as it doesn't provide individual accountability. Manually deploying public keys on each instance using a configuration management tool can be cumbersome and doesn't provide the flexibility and integration that Google's IAM provides. By following the recommended approach, the organization can maintain a secure, traceable, and efficient method for managing access to Compute Engine instances.

C is the most appropriate. In this option, each team member generates their own SSH key pair and adds the public key to their Google account. By granting the `compute.osAdminLogin` role to the corresponding Google group for this team, security is enhanced, and operational efficiency is improved. This setup also allows precise tracking of which member accessed which instance.

Best Choice: C Option C is the best approach because it uses Google Cloud IAM roles to control access, integrates with Google accounts for individual credential management, and supports efficient auditing and access tracking. Each user will have their own SSH key, and their actions can be traced through IAM logs, providing both security and accountability.

There is something which you must know. NEVER SHARE PRIVATE KEY.

Why in the world would I give the private key to each member of my team. The answer is C

D https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys