ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 3.1: Deploying and implementing Compute Engine resourcesCompute EngineSecurityOS LoginSSH

GCP ACE · Question 21 · Domain 3.1: Deploying and implementing Compute Engine resources

Your security team requires that all SSH access to Compute Engine instances be tied to users' Google Cloud IAM identities, rather than managing individual SSH keys manually. You need to configure this for a new project.

Which TWO steps should you take to implement this? (Select TWO)

Answer options:

A.

Enable OS Login at the project level.

B.

Generate a shared SSH key pair and distribute the private key to all developers.

C.

Grant the users the 'roles/compute.osLogin' or 'roles/compute.osAdminLogin' IAM role.

D.

Add the users' public SSH keys to the project metadata.

E.

Configure Identity-Aware Proxy (IAP) TCP forwarding.

How to approach this question

Identify the GCP feature that links Linux SSH access to Google Workspace/Cloud Identity accounts.

Full Answer

OS Login is the GCP feature that ties SSH access to IAM. To use it, you must first enable it (usually by setting `enable-oslogin=TRUE` in project metadata) and then grant users the appropriate IAM roles (`compute.osLogin` for standard user access, or `compute.osAdminLogin` for sudo access).

Common mistakes

Selecting manual SSH key management, which is exactly what OS Login is designed to prevent.
20All questions22

Practice the full GCP Associate Cloud Engineer Practice Exam 2

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Your company is migrating to Google Cloud and needs to establish a resource hierarchy. You have t...EasyQ02You are managing access to a GCP project. You need to grant 15 developers the ability to view Com...MediumQ03You have created a new GCP project using the Cloud Console. You want to deploy a Cloud Function u...EasyQ04Your startup has a strict monthly cloud budget of $500. You want to be notified immediately if yo...EasyQ05Your finance team wants to perform complex SQL analysis on your GCP billing data to understand co...Medium
View all 50 questions →