Google Cloud Associate Cloud Engineer — Question 286

You are managing a fleet of Compute Engine Linux instances in a Google Cloud project. Your company's engineering team requires SSH access to all instances to perform routine maintenance tasks. You need to manage the SSH access for the engineering team, and you want to minimize operational overhead when engineers join or leave the team. What should you do?

Answer options

• A. Create a single SSH key pair to be shared by all engineering team members. Add the public SSH key to project metadata.
• B. Create an SSH key pair for each engineer on the team, and add the public SSH key to the metadata of the relevant instances.
• C. Create a Google Group for all engineering team members, and grant them the Compute Viewer IAM role. Manage group membership when engineers join or leave the team.
• D. Create a Google Group for all engineering team members, and set up OS Login for this group on the project. Manage group membership when engineers join or leave the team.

Correct answer: D

Explanation

The correct answer is D because using OS Login with a Google Group allows centralized management of SSH access, reducing overhead when team members change. Option A is not ideal as sharing a single key poses security risks, while option B requires individual key management which increases operational tasks. Option C does not provide SSH access directly, as the Compute Viewer IAM role lacks permissions for SSH access.