Topic 1 Question 7
All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project-wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance. What should you do?
A. Open the Cloud Shell and SSH into the instance using gcloud compute ssh.
B. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
C. Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.
D. Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.
Comments (17)
Correct answer A. D is incorrect - it mentions that you are adding the ssh key to the project, but the question says "block project-wide SSH keys", therefore that ssh key will not be added to the instance.
👍 16 iloveme 2020/10/07
A worked, I have tested as below
- Created VM
- Set enable-oslogin FALSE (in compute engine metadata) as well as in VM's metadata
- None of the instances are set with any SSH key, and no project-wide SSH keys have been configured (set block project wide ssh key on VM)
- firewall allow for tcp:22
- Tried to ssh from cloud shell and web console, it worked, able to ssh into VM
👍 12 aa_desh 2021/09/08
I think it's A. The key inference here is you want to access one instance temporarily and we are assuming you are a gcloud or console user with instance admin permissions. Using cloud shell or cloud ssh a temporary private key is generated on-demand and held in the browser. The corresponding public key is created and added to project wide or instance specific metadata. The public key has additional information associated with it, including an expiry timestamp, which renders it invalid after a few minutes. The public key is set on the project's metadata unless the instance to which you're connecting via SSH has the "block project wide SSH keys" attribute set; in that case, the public key is set on the instance's metadata.
D is wrong as you would allow access to all instances. C would work but it requires the user to manage the key pairs.
- When you SSH using the gcloud tool (for example, gcloud compute ssh) [4], you have to be authenticated to the gcloud tool as a compute instance admin
👍 3 JoeShmoe 2021/05/28
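An added example, not part of any comment above and not Google's own code: a Python audit check that models the behaviour the comments describe, working out which metadata SSH keys an instance would honour given `enable-oslogin`, `block-project-ssh-keys` and the `expireOn` field of a `google-ssh` key entry. The function names and the sample metadata are constructed for illustration (the sample adds a project-level key to show the option D case), and treating only a case-insensitive "true" as enabled is a simplifying assumption.

```python
import json
from datetime import datetime, timezone

def is_true(md, key):
    # Assumption: only a case-insensitive "true" counts as enabled.
    return str(md.get(key, "")).strip().lower() == "true"

def parse_ssh_keys(value):
    """Parse an ssh-keys metadata value into (user, key_type, expiry) tuples."""
    entries = []
    for line in value.splitlines():
        user, sep, rest = line.strip().partition(":")
        parts = rest.split(None, 2)
        if not sep or len(parts) < 2:
            continue  # blank or malformed line
        expiry = None
        comment = parts[2] if len(parts) == 3 else ""
        if comment.startswith("google-ssh "):
            meta = json.loads(comment[len("google-ssh "):])
            if "expireOn" in meta:
                expiry = datetime.strptime(meta["expireOn"], "%Y-%m-%dT%H:%M:%S%z")
        entries.append((user, parts[0], expiry))
    return entries

def effective_keys(project_md, instance_md, now):
    """Return the metadata keys that would be honoured on the instance at `now`."""
    # Instance-level enable-oslogin overrides the project-level value.
    oslogin_src = instance_md if "enable-oslogin" in instance_md else project_md
    if is_true(oslogin_src, "enable-oslogin"):
        return []  # OS Login on: metadata-based keys are ignored
    keys = parse_ssh_keys(instance_md.get("ssh-keys", ""))
    if not is_true(instance_md, "block-project-ssh-keys"):
        keys += parse_ssh_keys(project_md.get("ssh-keys", ""))
    return [k for k in keys if k[2] is None or k[2] > now]

# Constructed sample metadata (key material is a placeholder, not a real key).
PROJECT = {"enable-oslogin": "FALSE",
           "ssh-keys": "carol:ssh-ed25519 AAAAPLACEHOLDER carol@example"}
INSTANCE = {"enable-oslogin": "FALSE", "block-project-ssh-keys": "TRUE",
            "ssh-keys": 'alice:ssh-rsa AAAAPLACEHOLDER google-ssh '
                        '{"userName":"alice","expireOn":"2021-09-08T10:05:00+0000"}'}

if __name__ == "__main__":
    t = datetime(2021, 9, 8, 10, 0, tzinfo=timezone.utc)
    print(effective_keys(PROJECT, INSTANCE, t))
```

Running the same check across every instance in a project is a quick way to spot long-lived keys (entries with no expiry) that remain after temporary access was supposed to end.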