
Answer-first summary for fast verification
Answer: Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.
The most secure and cost-efficient method for your team to access Linux instances on Google Cloud is to use Identity-Aware Proxy (IAP) for TCP forwarding. By using the `gcloud compute ssh` command with the `--tunnel-through-iap` flag, you ensure secure SSH access without exposing the instances directly to the internet. Additionally, you must allow ingress traffic from the IP range 35.235.240.0/20 on port 22, which is the IP range used by IAP for TCP forwarding. This method avoids the need for a public IP or a bastion host, making it both secure and cost-effective.
Author: LeetQuiz Editorial Team
Your team is currently utilizing Linux virtual machine instances on Google Cloud Platform (GCP) for various operations. As part of your role in optimizing security protocols and managing costs effectively, you need to determine the best method for your team members to securely log in to these Linux instances. How should you proceed to ensure both security and cost-efficiency in this scenario?
A. Attach a public IP to the instances and allow incoming connections from the internet on port 22 for SSH.
B. Use the gcloud compute ssh command with the --tunnel-through-iap flag. Allow ingress traffic from the IP range 35.235.240.0/20 on port 22.
C. Use a third-party tool to provide remote access to the instances.
D. Create a bastion host with public internet access. Create the SSH tunnel to the instance through the bastion host.