
Answer-first summary for fast verification
Answer: Create a service account with upload permissions to the bucket, a JSON key for it, and execute `gsutil signurl -m PUT -d 4h gs:///po.pdf`.
The correct approach is to create a service account with only the permissions it needs (upload to the bucket), generate a JSON key for that account, and run `gsutil signurl` with the `-m PUT` flag to set the HTTP method for uploading and `-d 4h` to limit the signed URL's validity to 4 hours. The URL is restricted to the specified file (`po.pdf`), which adheres to the principle of least privilege and Google's recommended practices. The other options either misuse the `gsutil signurl` command parameters or violate security best practices by using overly permissive service accounts.
Author: LeetQuiz Editorial Team
Your supplier needs to upload a purchase order to a cloud storage bucket within the next 4 hours without having a Google account. Following Google's recommended practices, what should you do?
A
Create a JSON key for the Default Compute Engine Service Account and execute the command `gsutil signurl -m PUT -d 4h gs:///**`.
B
Create a service account with upload permissions to the bucket, a JSON key for it, and execute `gsutil signurl -httpMethod PUT -d 4h gs:///**`.
C
Create a service account with upload permissions to the bucket, a JSON key for it, and execute `gsutil signurl -d 4h gs:///`.
D
Create a service account with upload permissions to the bucket, a JSON key for it, and execute `gsutil signurl -m PUT -d 4h gs:///po.pdf`.