Medium · 1 mark · Multiple Choice

GCP ACE · Question 21 · Domain 3.1: Deploying and implementing Compute Engine resources

An external contractor needs SSH access to a specific Compute Engine instance named 'db-admin-vm' to perform maintenance. You do not want to grant them IAM access to the GCP project, and you do not want to use OS Login. You have generated an SSH key pair.

Which TWO steps must you take to grant them access using this key pair? (Select TWO)

Answer options:

A. Format the public key with the contractor's username.

B. Add the private key to the instance metadata of 'db-admin-vm'.

C. Add the public key to the project-level metadata.

D. Add the public key to the instance metadata of 'db-admin-vm'.

E. Assign the contractor the roles/compute.osLogin role.

How to approach this question

Understand how metadata-based SSH keys work in GCP (public key on server, formatted with username).

Full Answer

To grant SSH access via metadata (without OS Login), you must format the public SSH key to include the username. Then, you add this formatted public key to the instance-level metadata of the specific VM. The GCP guest environment agent will read this metadata and provision the local user account and authorized_keys file on the VM.

Common mistakes

Selecting project-level metadata, which would grant access to all VMs in the project.
