Google Cloud Associate Cloud Engineer — Question 83

You want to configure an SSH connection to a single Compute Engine instance for users in the dev1 group. This instance is the only resource in this particular
Google Cloud Platform project that the dev1 users should be able to connect to. What should you do?

Answer options

• A. Set metadata to enable-oslogin=true for the instance. Grant the dev1 group the compute.osLogin role. Direct them to use the Cloud Shell to ssh to that instance.
• B. Set metadata to enable-oslogin=true for the instance. Set the service account to no service account for that instance. Direct them to use the Cloud Shell to ssh to that instance.
• C. Enable block project wide keys for the instance. Generate an SSH key for each user in the dev1 group. Distribute the keys to dev1 users and direct them to use their third-party tools to connect.
• D. Enable block project wide keys for the instance. Generate an SSH key and associate the key with that instance. Distribute the key to dev1 users and direct them to use their third-party tools to connect.

Correct answer: A

Explanation

The correct answer is A because enabling oslogin and granting the compute.osLogin role allows for easier management of SSH access through IAM roles, specifically tailored for the dev1 group. Options B, C, and D either do not utilize oslogin properly or involve manual SSH key management, which is less secure and more cumbersome for user access control.