Google Cloud Associate Cloud Engineer — Question 52

Every employee of your company has a Google account. Your operational team needs to manage a large number of instances on Compute Engine. Each member of this team needs only administrative access to the servers. Your security team wants to ensure that the deployment of credentials is operationally efficient and must be able to determine who accessed a given instance. What should you do?

Answer options

• A. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key in the metadata of each instance.
• B. Ask each member of the team to generate a new SSH key pair and to send you their public key. Use a configuration management tool to deploy those keys on each instance.
• C. Ask each member of the team to generate a new SSH key pair and to add the public key to their Google account. Grant the ג€compute.osAdminLoginג€ role to the Google group corresponding to this team.
• D. Generate a new SSH key pair. Give the private key to each member of your team. Configure the public key as a project-wide public SSH key in your Cloud Platform project and allow project-wide public SSH keys on each instance.

Correct answer: C

Explanation

The correct answer is C because it allows each team member to have their own SSH key linked to their Google account while also granting the necessary permissions through the 'compute.osAdminLogin' role. This approach is efficient for credential management and facilitates tracking access by user. Options A and D involve sharing a private key, which poses a security risk, and option B complicates the process by requiring the use of a configuration management tool for key deployment.