Explanation:
The correct answer is A because project-wide SSH access can be blocked by setting the --metadata block-project-ssh-keys parameter to TRUE at the instance level. This ensures the instance only accepts SSH keys specified in its own metadata, ignoring project-wide keys. Refer to the GCP documentation on Compute Block Project Keys for more details. Options B, C, and D are incorrect for the following reasons: B suggests that project-wide access cannot be blocked, which is false; C uses the wrong command level (project-info instead of instances); and D incorrectly sets the parameter to FALSE, which allows project-wide keys.
Ultimate access to all questions.
You are responsible for ensuring that only the operations team's public SSH keys are accessible on a specific Bastion host instance within a particular project, despite project-wide access already being granted to all instances. What is the most efficient method to override or block the project-level access on the Bastion host?
A
Execute the command gcloud compute instances add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=TRUE to block the access.
B
Project-wide SSH access cannot be overridden or blocked and must be removed entirely.
C
Use the command gcloud compute project-info add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=FALSE to block the access.
D
Run the command gcloud compute instances add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=FALSE to block the access.
No comments yet.