Google Associate Cloud Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
At a large tech company, an external business partner requests access to a sensitive file stored in your Cloud Storage. The partner does not use Google accounts, and due to the data's sensitivity, access must be revoked after five hours. Following Google's recommended practices, what is the best course of action?
Explanation:
Option B is correct because a signed URL provides limited-time access to a resource without requiring the recipient to have a Google account. It includes authentication in the query string, allowing the holder to perform specific actions within a set timeframe. This method securely shares sensitive data by automatically revoking access after the specified period.
Option A is incorrect as configuring a bucket as a static website exposes the data publicly, compromising security. Option C is flawed because making an object public is inherently insecure, and manual intervention to revoke access is unreliable. Option D, while secure, is unnecessarily complex and involves manual steps that may not guarantee timely access revocation.
For more details, refer to Google's documentation on signed URLs.