Practice Test 3 | Google Cloud Certified Professional Cloud Architect | Dumps | Mock Test
Your customer is moving their storage product to Google Cloud Storage (GCS). The data contains personally identifiable
information (PII) and sensitive customer information. What security strategy should you use for GCS?
A. Use signed URLs to generate time bound access to objects.
B. Grant IAM read-only access to users and use default ACLs on the bucket.
C. Do not grant any Access Management (Cloud IAM) roles to users belonging to Cloud Identity and use granular ACLs on the bucket.
D. Create randomized bucket and object names. Enable public access, but only provide specific file URLs to people who do not have Google accounts and need access.
Correct Answer: C
Option C is correct – This grants the least privilege required to access the data and minimizes the risk of accidentally granting access to the wrong people.
Option A is incorrect. Signed URLs could potentially be leaked.
Option B is incorrect. This is needlessly permissive, users only require one permission in order to get access.
Option D is incorrect – This is security through obscurity, also known as no security at all.
Comments are closed, but trackbacks and pingbacks are open.