
Explanation:
The correct answer is C because it adheres to the principle of least privilege, ensuring users have only the necessary access rights, thereby minimizing the risk of unauthorized access to sensitive data. This approach is recommended for handling PII and sensitive information securely.
For more details, refer to the GCP documentation on Cloud Storage Access Control.
Your customer is transitioning their storage product to Google Cloud Storage (GCS), which includes personally identifiable information (PII) and sensitive customer data. What is the recommended security strategy for GCS in this scenario?
A. Create randomized bucket and object names. Enable public access, but only provide specific file URLs to people who do not have Google accounts and need access.
B. Use signed URLs to generate time-bound access to objects.
C. Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to users, and use granular ACLs on the bucket.
D. Grant IAM read-only access to users, and use default ACLs on the bucket.