Google Professional Cloud Developer

Get started today

Ultimate access to all questions.

Explanation:

The correct answer is generating a signed URL for each document. Signed URLs provide time-limited access to specific Cloud Storage objects. When generating the URL, an expiration time can be configured, after which the URL becomes invalid, automatically revoking access. This aligns with the requirement to revoke access after a configurable period.

Other options are unsuitable:

A (signed policy documents) applies to buckets and multiple objects, which is overkill for per-document sharing.
B (ACLs) lack built-in time-based revocation.
D (IAM role to all authenticated users) grants overly broad access without time constraints.

Explanation:

Other options are unsuitable:

A (signed policy documents) applies to buckets and multiple objects, which is overkill for per-document sharing.
B (ACLs) lack built-in time-based revocation.
D (IAM role to all authenticated users) grants overly broad access without time constraints.

Comments (0)

No comments yet.

How can you configure Cloud Storage to enable secure document sharing with external users while automatically revoking access after a configurable time period in a document sharing platform?

Exam-Like

Create signed policy documents on the Cloud Storage bucket.

0.0%

Apply access control list (ACL) permissions to the Cloud Storage bucket.

9.4%

Generate a signed URL for each document the user wants to share.

90.6%

Grant the Storage Object Viewer IAM role to all authenticated users.