Google Cloud Associate Cloud Engineer — Question 193
Your team is using Linux instances on Google Cloud. You need to ensure that your team logs in to these instances in the most secure and cost-efficient way. What should you do?
Answer options
- A. Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.
- B. Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.
- C. Use a third-party tool to provide remote access to the instances.
- D. Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.
Correct answer: B
Explanation
The correct answer is B because using the gcloud compute ssh command with the --tunnel-through-iap flag tunnels the SSH session through Identity-Aware Proxy (IAP), which allows secure access without exposing the instances directly to the internet. Option A is insecure because it allows public access on port 22. Option C does not ensure security or cost efficiency, and option D complicates the setup with an unnecessary bastion host.