Topic 1 Question 133
You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via SSH into a specific machine without violating the security requirements. What should you do?
A. Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.
B. Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.
C. Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.
D. Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance.
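The procedure behind option C, written out as an added example (this is not code from the question or from any commenter): allow the IAP TCP-forwarding range to reach port 22, grant the caller the IAP-secured Tunnel User role (roles/iap.tunnelResourceAccessor) on the one instance, then ssh through the tunnel with gcloud. The project, zone, instance, network and principal are assumed placeholders; with DRY_RUN=1 (the default) the gcloud commands are printed instead of executed, so the script runs without gcloud or credentials. The source range 35.235.240.0/20 is the range Google documents for IAP TCP forwarding, and the script refuses any other range so the SSH rule is never opened wider than the IAP proxies.

```shell
#!/bin/sh
# Added example; not code from the question or from any commenter.
# Steps for option C: reach a VM that has no external IP through IAP TCP
# forwarding. Project, zone, instance, network and principal below are
# assumed placeholders. With DRY_RUN=1 (the default) the gcloud commands are
# printed instead of executed, so the script runs without gcloud installed.
set -eu

PROJECT="${PROJECT:-my-project}"                 # assumed placeholder
ZONE="${ZONE:-us-central1-a}"                    # assumed placeholder
INSTANCE="${INSTANCE:-app-vm-1}"                 # assumed placeholder
NETWORK="${NETWORK:-default}"                    # assumed placeholder
PRINCIPAL="${PRINCIPAL:-user:alice@example.com}" # assumed placeholder
DRY_RUN="${DRY_RUN:-1}"

# Google's IAP TCP forwarding proxies connect from this range only; it is the
# one source the SSH firewall rule needs to allow.
IAP_RANGE="35.235.240.0/20"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Guard against the common mistake of opening tcp:22 wider than the IAP
# proxies: any other source range is rejected before gcloud is called.
check_source_range() {
  if [ "$1" = "$IAP_RANGE" ]; then
    return 0
  fi
  echo "refusing source range '$1': IAP TCP forwarding only needs $IAP_RANGE" >&2
  return 1
}

# Step 1: ingress rule letting the IAP range reach port 22 on VMs in the network.
allow_iap_ssh() {
  check_source_range "$1" || return 1
  run gcloud compute firewall-rules create allow-iap-ssh \
    --project="$PROJECT" --network="$NETWORK" --direction=INGRESS \
    --action=allow --rules=tcp:22 --source-ranges="$1"
}

# Step 2: grant "IAP-secured Tunnel User" (roles/iap.tunnelResourceAccessor)
# on the single instance rather than the whole project, to keep the grant narrow.
grant_tunnel_user() {
  run gcloud compute instances add-iam-policy-binding "$INSTANCE" \
    --project="$PROJECT" --zone="$ZONE" \
    --member="$PRINCIPAL" --role=roles/iap.tunnelResourceAccessor
}

# Step 3: SSH through the IAP tunnel; the VM needs no external IP.
iap_ssh() {
  run gcloud compute ssh "$INSTANCE" --project="$PROJECT" --zone="$ZONE" \
    --tunnel-through-iap
}

# Alternative to step 3: a plain local port forward for a native ssh or scp
# client. Listens on localhost:2222 and forwards to the instance's port 22.
iap_tunnel() {
  run gcloud compute start-iap-tunnel "$INSTANCE" 22 \
    --project="$PROJECT" --zone="$ZONE" --local-host-port=localhost:2222
}

# Run the three steps (printed only, unless DRY_RUN=0).
allow_iap_ssh "$IAP_RANGE"
grant_tunnel_user
iap_ssh
```

Set DRY_RUN=0 to actually execute the commands with an authenticated gcloud. Binding the role on the instance instead of the project means the principal can tunnel to this one VM only, which matches the question's requirement of reaching a specific machine.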
User votes
Comments (17)
👍 53 TotoroChina 2021/07/01
And D seems correct; a bastion host is specifically used for this purpose. Using option C, the user can connect through the cloud only. By using a bastion host, you can connect to a VM that does not have an external IP address. This approach allows you to connect to a development environment or manage the database instance for your external application, for example, without configuring additional firewall rules. https://cloud.google.com/solutions/connecting-securely
👍 15 ank82 2021/07/10 - Selected answer: C
As per ChatGPT, the answer is C. Identity-Aware Proxy (IAP) is a Google Cloud service that provides secure access to VM instances without exposing them to the internet. It allows you to establish a secure SSH connection to a VM instance via the Google Cloud Console or the gcloud command-line tool, using OAuth 2.0-based authentication and authorization. With IAP, you can set up secure, encrypted tunnels to your VM instances, without the need for a VPN or an external bastion host.
By configuring IAP for the instance and ensuring that you have the IAP-secured Tunnel User role, you can securely access the instance using the gcloud command-line tool to SSH into the instance, without violating the security requirements.
👍 3 VarunGo 2023/03/07