6A - Secure a Network in a Cloud Environment Flashcards

1
Q

You are the cloud operations manager for a shipping and distribution company. Your company utilizes Google Cloud infrastructure to deliver a virtual desktop interface (VDI) to employees. Your company has tasked you with configuring SSH access to the virtual machine (VM) instances for a group of newly-hired employees. The OS Login service provided by Google Cloud will configure PAM Modules. The PAM modules will provide authorization and authentication support to use Google Cloud IAM permissions. This type of support controls SSH access, using an Identity and Access Management (IAM) framework.

Configuration requirements are as follows:
Keys must be SSH-2 RSA public-private key pairs with a minimum length of 2048 bits.
Enable OS Login using the gcloud command-line interface (CLI)
VMs run Ubuntu 20.04 LTS
PROJECT_ID of VM instances will be ship001 and the geographic zone is
Authentication will occur on company-provided Linux devices.
Configure an OpenSSH server to obtain biometric authentication (who you are) or RFID access tags (what you have) from the company-provided Linux devices, using the NSS (Name Service Switch) OS subsystem.
Configure the PAM configuration file, sshd_config, to disable passwords, as the system will use SSH-authenticated biometrics instead.
Google Compute Engine, used through Google Cloud Console or the gcloud CLI, sets a username and generates an ephemeral SSH key pair for each user, before resolving each provided username to the corresponding OS Login account in the VM using NSS service modules.
The SSH key is then retrieved from the corresponding account and provided to OpenSSH in the VM using the SSH authorized keys command.

A
2
Q

key bit length

A

2,048

2
Q

key format

A

SSH-2 RSA

3
Q

enable OS login with gcloud command

A

enable-oslogin

4
Q

token 2

A

auth,
sufficient,
pam_fprintd.so,
N/A

4
Q

Edit the standard SSH privileged access module (PAM) configuration file, located by default at /_____/pam.d/_____

A

blank 1
etc

blank 2
sshd

5
Q

In the Google Cloud console, grant a standard user role for each new user

A

roles/iam.serviceAccountUser

6
Q

token 1

A

auth,
required,
pam_google_authenticator.so,
N/A

7
Q

After spinning up a virtual machine (VM) instance running ________, you show the new users how to access an instance using the following gcloud command

A

Ubuntu 20.04 LTS

8
Q

gcloud compute ssh --project=______ --zone=______

A

ship001,
us-central1-a
