The Dress4Win security team has disabled external SSH access into production virtual machines (VMs) on Google Cloud Platform (GCP).
The operations team needs to remotely manage the VMs, build and push Docker containers, and manage Google Cloud Storage objects.
What can they do?
A. Grant the operations engineer access to use Google Cloud Shell.
B. Configure a VPN connection to GCP to allow SSH access to the cloud VMs.
C. Develop a new access request process that grants temporary SSH access to cloud VMs when an operations engineer needs to perform a task.
D. Have the development team build an API service that allows the operations team to execute specific remote procedure calls to accomplish their tasks.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
The same question is in Coursera course. Answer is A “The operations team doesn’t actually need SSH access to manage VMs. All it needs is Cloud Shell with the Cloud SDK and gcloud tools. Cloud Shell provides all the tools for managing Compute Engine instances. In this case the assumption that SSH access is needed is incorrect.” As for B answer it seems to be like hack action, because security team has reasons to disable external SSH access. And I have checked in QwikiLabs that there is still access via Cloud Shell when VM has only internal IP.
B is correct.
only 1 bastion host has an external IP. Admins can VPN into it and SSH to other hosts which have only internal IPs
Answer is B. If external IP was disabled it wouldn’t work but that isn’t mentioned
B is correct. Cloud shell also need external IP to access VM
A is correct
should be A
though the SSH didn’t enabled , what does VPN use for ?