Answer-first summary for fast verification
Answer: Ask the operations partner to generate SSH key pairs and add the public keys to the VM instances.
Option B is correct because it allows the third-party service provider to securely access the VMs using SSH keys, ensuring that only authorized users with the corresponding private key can gain access. This method does not require Google Accounts and is a common practice for granting SSH access to external parties. Options A, C, and D are incorrect because they either do not directly enable SSH access (A and C) or may expose the VMs to unauthorized access (D). Links: [Adding SSH Keys](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys), [Managing User Access](https://cloud.google.com/compute/docs/instances/access-overview#managing_user_access).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company is piloting a project to outsource the management of their Linux Compute Engine VMs to a third-party service provider. This provider does not use Google Accounts but requires SSH access to perform their tasks. What is the most secure method to enable their access?
A
Set up a Cloud VPN between your Google Cloud VPC and the internal network of the operations partner.
B
Ask the operations partner to generate SSH key pairs and add the public keys to the VM instances.
C
Activate and Enable Cloud IAP for the Compute Engine instances and provide the operations partner with Cloud IAP Tunnel User permission.
D
Add the same network tag to all VMs and grant TCP access on port 22 for traffic from the operations partner to instances with the network tag using a firewall rule.
No comments yet.