Professional-Cloud-Network-Engineer Practice Test


Page 8 out of 31 Pages

You need to ensure your personal SSH key works on every instance in your project. You
want to accomplish this as efficiently as possible.
What should you do?


A. Upload your public SSH key to the project metadata.

B. Upload your public SSH key to each instance's metadata.

C. Create a custom Google Compute Engine image with your public SSH key embedded.

D. Use gcloud compute ssh to automatically copy your public SSH key to the instance.


A. Upload your public SSH key to the project metadata.



Overview: By creating and managing SSH keys, you can let users access a Linux instance
through third-party tools. An SSH key consists of the following files:

- A public SSH key file that is applied to instance-level metadata or project-wide metadata.
- A private SSH key file that the user stores on their local devices.

If a user presents their private SSH key, they can use a third-party tool to connect to any
instance that is configured with the matching public SSH key file, even if they aren't a
member of your Google Cloud project. Therefore, you can control which instances a user can
access by changing the public SSH key metadata for one or more instances.
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#addkey

Your organization has a single project that contains multiple Virtual Private Clouds (VPCs).
You need to secure API access to your Cloud Storage buckets and BigQuery datasets by
allowing API access only from resources in your corporate public networks. What should
you do?


A. Create an access context policy that allows your VPC and corporate public network IP
ranges, and then attach the policy to Cloud Storage and BigQuery.

B. Create a VPC Service Controls perimeter for your project with an access context policy
that allows your corporate public network IP ranges.

C. Create a firewall rule to block API access to Cloud Storage and BigQuery from
unauthorized networks.

D. Create a VPC Service Controls perimeter for each VPC with an access context policy
that allows your corporate public network IP ranges.


B. Create a VPC Service Controls perimeter for your project with an access context policy
that allows your corporate public network IP ranges.



You need to configure a static route to an on-premises resource behind a Cloud VPN
gateway that is configured for policy-based routing using the gcloud command.
Which next hop should you choose?


A. The default internet gateway

B. The IP address of the Cloud VPN gateway

C. The name and region of the Cloud VPN tunnel

D. The IP address of the instance on the remote side of the VPN tunnel


C. The name and region of the Cloud VPN tunnel



When you create a route-based tunnel using the Cloud Console, Classic VPN performs
both of the following tasks:

- Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0).
- For each range in Remote network IP ranges, Google Cloud creates a custom static route
  whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel.

https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns
Reference: https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

You are the Organization Admin for your company. One of your engineers is responsible
for setting up multiple host projects across multiple folders and sharing subnets with
service projects. You need to enable the engineer's Identity and Access Management
(IAM) configuration to complete their task in the fewest number of steps. What should you
do?


A. Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.

B. Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.

C. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin
role at the folder level.

D. Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin
role at the organization level.


B. Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.



You need to centralize the Identity and Access Management permissions and email
distribution for the WebServices Team as efficiently as possible.
What should you do?


A. Create a Google Group for the WebServices Team.

B. Create a G Suite Domain for the WebServices Team.

C. Create a new Cloud Identity Domain for the WebServices Team.

D. Create a new Custom Role for all members of the WebServices Team.


A. Create a Google Group for the WebServices Team.



