Answer-first summary for fast verification
Answer: Set up Cloud Identity-Aware Proxy for SSH and TCP resources.
**A** is the correct choice because Cloud Identity-Aware Proxy (IAP) enables SSH access to VMs without external IPs or direct internet access, without requiring network configuration changes. This solution automatically applies to new VMs in the project. **B** and **D** are incorrect as SSH keypairs do not solve the lack of public IPs. **C** is incorrect because HTTPS configuration does not support SSH or TCP access. **D** is also a security risk due to the exposure of private keys. For more details, refer to [Google Cloud IAP documentation](https://cloud.google.com/iap/docs/using-tcp-forwarding#tunneling_ssh_connections) and [this Medium article](https://medium.com/google-cloud/how-to-ssh-into-your-gce-machine-without-a-public-ip-4d78bd23309e).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are developing a noise reduction application with multiple Linux machines on Compute Engine. These VMs lack public IPs, yet you require SSH access over the internet without network configuration changes. Additionally, any new VMs added should not need extra setup. What is the best approach?
A
Set up Cloud Identity-Aware Proxy for SSH and TCP resources.
B
Generate an SSH keypair and save the public key as a project-wide SSH Key.
C
Configure Cloud Identity-Aware Proxy for HTTPS resources.
D
Generate an SSH keypair and save the private key as a project-wide SSH Key.
No comments yet.