Answer-first summary for fast verification
Answer: Create a retention policy on the bucket for the duration of 5 years. Create a lock on the retention policy.
The correct answer is A. Creating a retention policy on the bucket for the duration of 5 years and creating a lock on the retention policy ensures that all current and future objects in the bucket cannot be deleted or replaced until they reach the age defined in the retention policy. This setup meets the requirement that the documents cannot be deleted or overwritten for the next 5 years. Once the retention policy is locked, it cannot be removed or reduced, making it a secure way to enforce compliance requirements. Options B, C, and D do not provide the necessary guarantee that the documents cannot be deleted or overwritten for the specified period.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As a cloud architect at a financial institution, you are responsible for managing the storage of mortgage loan approval documents on Google Cloud Storage. The institution's compliance policy requires that once approval documents are uploaded, they cannot be deleted or modified for a minimum period of 5 years. Any changes to these documents must be made by uploading a new version as a separate file. How would you ensure that the documents cannot be deleted or overwritten for the next 5 years?
A
Create a retention policy on the bucket for the duration of 5 years. Create a lock on the retention policy.
B
Create the bucket with uniform bucket-level access, and grant a service account the role of Object Writer. Use the service account to upload new files.
C
Use a customer-managed key for the encryption of the bucket. Rotate the key after 5 years.
D
Create the bucket with fine-grained access control, and grant a service account the role of Object Writer. Use the service account to upload new files.
No comments yet.