Google Cloud Professional Cloud Security Engineer — Question 130

You have numerous private virtual machines on Google Cloud. You occasionally need to manage the servers through Secure Socket Shell (SSH) from a remote location. You want to configure remote access to the servers in a manner that optimizes security and cost efficiency.

What should you do?

Answer options

• A. Create a site-to-site VPN from your corporate network to Google Cloud.
• B. Configure server instances with public IP addresses. Create a firewall rule to only allow traffic from your corporate IPs.
• C. Create a firewall rule to allow access from the Identity-Aware Proxy (IAP) IP range. Grant the role of an IAP-secured Tunnel User to the administrators.
• D. Create a jump host instance with public IP. Manage the instances by connecting through the jump host.

Correct answer: C

Explanation

The correct answer is C because using Identity-Aware Proxy (IAP) enhances security by allowing SSH access without exposing VM instances to the public internet. Options A and B may introduce security vulnerabilities by exposing the infrastructure, and D, while functional, also creates a potential security risk by using a jump host with a public IP.