Answer-first summary for fast verification
Answer: Execute the command `gcloud compute instances add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=TRUE` to block the access.
The correct answer is **A** because project-wide SSH access can be blocked by setting the `--metadata block-project-ssh-keys` parameter to `TRUE` at the instance level. This ensures the instance only accepts SSH keys specified in its own metadata, ignoring project-wide keys. Refer to the [GCP documentation on Compute Block Project Keys](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#block-project-keys) for more details. Options B, C, and D are incorrect for the following reasons: B suggests that project-wide access cannot be blocked, which is false; C uses the wrong command level (project-info instead of instances); and D incorrectly sets the parameter to `FALSE`, which allows project-wide keys.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are responsible for ensuring that only the operations team's public SSH keys are accessible on a specific Bastion host instance within a particular project, despite project-wide access already being granted to all instances. What is the most efficient method to override or block the project-level access on the Bastion host?
A
Execute the command gcloud compute instances add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=TRUE to block the access.
B
Project-wide SSH access cannot be overridden or blocked and must be removed entirely.
C
Use the command gcloud compute project-info add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=FALSE to block the access.
D
Run the command gcloud compute instances add-metadata [INSTANCE_NAME] --metadata block-project-ssh-keys=FALSE to block the access.
No comments yet.