
Answer-first summary for fast verification
Answer: Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to users, and use granular ACLs on the bucket.
The correct answer is **C** because it adheres to the principle of least privilege, ensuring users have only the necessary access rights, thereby minimizing the risk of unauthorized access to sensitive data. This approach is recommended for handling PII and sensitive information securely.

- **Option A** is incorrect as relying on randomized names and public access is considered security through obscurity, which is not a reliable security measure.
- **Option B** is incorrect because signed URLs, while useful for temporary access, can be compromised if the URL is shared or leaked.
- **Option D** is incorrect as granting read-only access to all users is overly permissive and does not align with the least privilege principle.

For more details, refer to the [GCP documentation on Cloud Storage Access Control](https://cloud.google.com/storage/docs/access-control).
Author: LeetQuiz Editorial Team
Your customer is transitioning their storage product to Google Cloud Storage (GCS), which includes personally identifiable information (PII) and sensitive customer data. What is the recommended security strategy for GCS in this scenario?
- **A.** Create randomized bucket and object names. Enable public access, but only provide specific file URLs to people who do not have Google accounts and need access.
- **B.** Use signed URLs to generate time-bound access to objects.
- **C.** Grant no Google Cloud Identity and Access Management (Cloud IAM) roles to users, and use granular ACLs on the bucket.
- **D.** Grant IAM read-only access to users, and use default ACLs on the bucket.