I thought operations team doesn't need SSH access to manage VMs. All it needs is Cloud Shell with the Cloud SDK and gcloud tools. Maybe A is correct answer.

This is the official answer. No more argue. A. Grant operations team access to use Cloud Shell. ✅ A - The operations team doesn't actually need SSH access to manage VMs. All it needs is Cloud Shell with the Cloud SDK and gcloud tools. Cloud Shell provides all the tools for managing Compute Engine instances. In this case the assumption that SSH access is needed is incorrect. Business requirement: "Improve security by defining and adhering to a set of security and Identity and Access Management (IAM) best practices for cloud." B - A VPN is a way to connect from remote to the internal IP of an instance. If SSH is blocked everywhere, this work-around won't help. C - Developing an application that would use the Cloud API would be redundant with the gcloud command line tool. D - An application the provides temporary access to SSH is basically just violating the security practices.

While Google Cloud Shell provides access to the GCP console and some tools, it might not offer the full functionality needed for managing VMs, containers, and Cloud Storage objects. Additionally, granting shell access to the entire console carries a higher security risk.

A is OK

Old Case Study - Should be removed

vote A

We could misunderstand the question. It's not talking about SSH into the instance to deploy the images. The team only needs an environment to build and publish to the repositories.

A. Grant the operations engineer access to use Google Cloud Shell.

Answer is A

Answer is A

how cloudshell works to login to vms if we block port 22 in the firewall rules for external access? try this in your environment and see if it works.....not A. if we dont block external access, then cloudshell will be good option in this case.

Answer A - With Cloud Shell can manage your resources with its online terminal preloaded with utilities.

A will be considered as the final decision, I promise

ans is A ..When the ops team login through cloud shell, the credential acc is there. the ops team engineer typically has all the necessary permission required to manage system such as - build, push docker and manage. when the team execute command from cloud shell the command will excecute through there credential acc and succed as log as they have permission ehich they should as ops team. may not able to ssh but i am role let them to carry out action like start ,stop ,terminate all don't need ssh .

A is wrong. how do you push a docker image from your on-prem server to GCP with cloud shell? B is the only option.

My choice is A

I'll go with A