
Answer-first summary for fast verification
Answer: Create a firewall rule to allow access from the Identity-Aware Proxy (IAP) IP range. Grant the role of an IAP-secured Tunnel User to the administrators.
Option C is the optimal choice because it uses Identity-Aware Proxy (IAP), a Google-managed service that provides secure, identity-based access without requiring public IPs on the VMs. This enhances security by enforcing context-aware access controls and reduces costs by eliminating the need for additional infrastructure like VPN gateways or jump hosts. The community discussion strongly supports C (89% consensus), highlighting IAP's managed security benefits and cost-effectiveness. Option A (site-to-site VPN) is less cost-effective for occasional access due to ongoing VPN costs. Option B (public IPs with firewall rules) exposes VMs to the internet, reducing security. Option D (jump host) incurs additional VM and maintenance costs, making it less efficient than the managed IAP solution.
Author: LeetQuiz Editorial Team
You have multiple private Google Compute Engine virtual machines that you occasionally need to access via SSH from a remote location. You want to configure this remote access to be both highly secure and cost-effective.
What should you do?
A. Create a site-to-site VPN from your corporate network to Google Cloud.
B. Configure server instances with public IP addresses. Create a firewall rule to only allow traffic from your corporate IPs.
C. Create a firewall rule to allow access from the Identity-Aware Proxy (IAP) IP range. Grant the role of an IAP-secured Tunnel User to the administrators.
D. Create a jump host instance with public IP. Manage the instances by connecting through the jump host.