Answer-first summary for fast verification
Answer: Create a service account with minimal permissions to access the bucket files. Generate a JSON key for this account. Use the command `gsutil signurl -d 1h gs:///**`.
The correct approach involves creating a service account with just the necessary permissions to access the bucket files, generating a JSON key for this account, and then using the `gsutil signurl -d 1h` command to create a signed URL that expires after 1 hour. The `-d` flag correctly specifies the duration for the URL's validity. Other options either use incorrect flags (`-t`, `-p`, `-m`) which are not supported for specifying time, or violate the principle of least privilege by using the Default Compute Engine Service Account. For more details, refer to [Google's documentation on gsutil signurl](https://cloud.google.com/storage/docs/gsutil/commands/signurl).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to share files from a Cloud Storage bucket with your suppliers for a limited time of 1 hour, following Google's recommended practices. What is the best approach?
A
Create a service account with minimal permissions to access the bucket files. Generate a JSON key for this account. Use the command gsutil signurl -p 60m gs:///.
B
Create a service account with minimal permissions to access the bucket files. Generate a JSON key for this account. Use the command gsutil signurl -d 1h gs:///**.
C
Generate a JSON key for the Default Compute Engine Service Account. Use the command gsutil signurl -t 60m gs:///*.*.
D
Create a service account with minimal permissions to access the bucket files. Generate a JSON key for this account. Use the command gsutil signurl -m 1h gs:///*.
No comments yet.