Exam Associate Cloud Engineer topic 1 question 191 discussion

Actual exam question from Google's Associate Cloud Engineer
Question #: 191
Topic #: 1

You have deployed multiple Linux instances on Compute Engine. You plan on adding more instances in the coming weeks. You want to be able to access all of these instances through your SSH client over the internet without having to configure specific access on the existing and new instances. You do not want the Compute Engine instances to have a public IP. What should you do?

  • A. Configure Cloud Identity-Aware Proxy for HTTPS resources.
  • B. Configure Cloud Identity-Aware Proxy for SSH and TCP resources.
  • C. Create an SSH keypair and store the public key as a project-wide SSH Key.
  • D. Create an SSH keypair and store the private key as a project-wide SSH Key.
Suggested Answer: B

Comments

Akash7
Highly Voted 2 years, 7 months ago
B is correct as the question says no public IP on the instance.
upvoted 13 times
Akash7
2 years, 6 months ago
Use IAP TCP to enable access to VM instances that do not have external IP addresses or do not permit direct access over the internet. https://cloud.google.com/iap/docs/using-tcp-forwarding
upvoted 16 times
...
...
Untamables
Highly Voted 2 years, 1 month ago
Selected Answer: B
Absolutely B https://cloud.google.com/iap/docs/using-tcp-forwarding#tunneling_ssh_connections
upvoted 5 times
...
Vovtchick
Most Recent 1 year ago
Answer B https://cloud.google.com/blog/products/identity-security/cloud-iap-enables-context-aware-access-to-vms-via-ssh-and-rdp-without-bastion-hosts
upvoted 2 times
...
jimmydice
1 year, 1 month ago
B - Cloud Identity-Aware Proxy (IAP) allows you to set up secure access to your VM instances without the need to expose them to the public internet. By using IAP for SSH and TCP resources, you can manage access to the instances through a central point (IAP), which serves as a secure way to access your resources without the need for public IP addresses. IAP allows you to set up access controls based on user identities and their permissions, rather than relying on specific IP addresses or public keys configured on individual instances. This streamlines access management and enhances security, providing centralized control over SSH access to your Compute Engine instances.
upvoted 3 times
...
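An added example, not part of the original thread: a small audit that checks an inventory against the design described above, where no VM has an external IP and SSH is admitted only from the IAP TCP forwarding range 35.235.240.0/20. The sample inventory is constructed, and the function names `allows_ssh` and `audit` are hypothetical.

```python
import ipaddress

# Source range Google documents for IAP TCP forwarding; VMs see tunnelled SSH from it.
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data, shaped like `gcloud compute instances list --format=json`
# and `gcloud compute firewall-rules list --format=json`.
INSTANCES = [
    {"name": "web-1", "networkInterfaces": [{"networkIP": "10.0.0.2"}]},
    {"name": "web-2", "networkInterfaces": [
        {"networkIP": "10.0.0.3", "accessConfigs": [{"natIP": "203.0.113.7"}]}]},
]
FIREWALL_RULES = [
    {"name": "allow-iap-ssh", "direction": "INGRESS", "sourceRanges": ["35.235.240.0/20"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "legacy-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
]

def allows_ssh(rule):
    """True if an enabled ingress allow rule covers tcp/22 (single port, range or all ports)."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    for entry in rule.get("allowed", []):
        if entry["IPProtocol"] not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list means every port
            return True
        for spec in ports:
            lo, _, hi = spec.partition("-")
            if int(lo) <= 22 <= int(hi or lo):
                return True
    return False

def audit(instances, rules):
    """Return findings that break the 'IAP only, no public IP' design. Ignores rule priority."""
    findings = [f"{i['name']}: external IP {ac['natIP']}"
                for i in instances for nic in i.get("networkInterfaces", [])
                for ac in nic.get("accessConfigs", []) if ac.get("natIP")]
    sources = [(r["name"], ipaddress.ip_network(s))
               for r in rules if allows_ssh(r) for s in r.get("sourceRanges", [])]
    if not any(n.version == 4 and IAP_RANGE.subnet_of(n) for _, n in sources):
        findings.append("no firewall rule admits the IAP range to tcp/22")
    for name, n in sources:
        if not any(n.version == 4 and n.subnet_of(ok) for ok in [IAP_RANGE, *INTERNAL]):
            findings.append(f"{name}: SSH open to {n}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INSTANCES, FIREWALL_RULES)))
```
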
sabrinakloud
1 year, 7 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
Gautam_Thampy
2 years, 2 months ago
Selected Answer: B
B is right
upvoted 1 times
...
snkhatri
2 years, 3 months ago
Selected Answer: B
B looks right
upvoted 1 times
...
AzureDP900
2 years, 5 months ago
B is correct. With TCP forwarding, IAP can protect SSH and RDP access to your VMs hosted on Google Cloud. Your VM instances don't even need public IP addresses.
upvoted 4 times
...
Rutu_98
2 years, 6 months ago
Selected Answer: B
B is correct
upvoted 2 times
...
lixamec
2 years, 6 months ago
Selected Answer: B
I think it is B https://medium.com/google-cloud/how-to-ssh-into-your-gce-machine-without-a-public-ip-4d78bd23309e
upvoted 1 times
...
CloudAce7890
2 years, 6 months ago
Selected Answer: B
B is correct as it uses IAP
upvoted 2 times
...
JelloMan
2 years, 6 months ago
Selected Answer: C
IAP lets you establish a central authorization layer for applications accessed by HTTPS. This statement immediately eliminates A & B since you would need to publicly access the instance. C is also incorrect because it uses a private SSH key. Private keys are only meant for the user themselves as proof of their identity. Public SSH keys are meant to be used for access within applications, so that is the most applicable in this case. D, final answer.
upvoted 2 times
...
JelloMan
2 years, 6 months ago
Selected Answer: D
IAP lets you establish a central authorization layer for applications accessed by HTTPS. This statement immediately eliminates A & B since you would need to publicly access the instance. C is also incorrect because it uses a private SSH key. Private keys are only meant for the user themselves as proof of their identity. Public SSH keys are meant to be used for access within applications, so that is the most applicable in this case. D, final answer.
upvoted 2 times
jeffangel28
2 years, 4 months ago
https://cloud.google.com/iap/docs/using-tcp-forwarding read pls!!
upvoted 2 times
...
JelloMan
2 years, 6 months ago
Scratch this. Made a mistake. C is the correct answer (thought they were flipped)
upvoted 2 times
dark_3k03r
2 years, 6 months ago
The question states "You do not want the Compute Engine instances to have a public IP", so that knocks out C and D as both options require public access. IAP, however, supports port forwarding for your client so the instances are never exposed. That leaves A and B. With the question explicitly stating "your SSH client", that means you need to configure the Cloud Identity-Aware Proxy for SSH (i.e. port forwarding). Touching the proxies is not "configure specific access on the existing and new instances" as all this occurs on IAP and not the Compute Engine API.
upvoted 5 times
...
...
...
PAUGURU
2 years, 7 months ago
Selected Answer: C
C looks better
upvoted 2 times
...