Answer-first summary for fast verification
Answer: Generate a signed URL with a five-hour expiration and share this URL with the partner.
Option B is correct because a signed URL provides limited-time access to a resource without requiring the recipient to have a Google account. It includes authentication in the query string, allowing the holder to perform specific actions within a set timeframe. This method securely shares sensitive data by automatically revoking access after the specified period. Option A is incorrect as configuring a bucket as a static website exposes the data publicly, compromising security. Option C is flawed because making an object public is inherently insecure, and manual intervention to revoke access is unreliable. Option D, while secure, is unnecessarily complex and involves manual steps that may not guarantee timely access revocation. For more details, refer to Google's documentation on [signed URLs](https://cloud.google.com/storage/docs/access-control/signed-urls).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
At a large tech company, an external business partner requests access to a sensitive file stored in your Cloud Storage. The partner does not use Google accounts, and due to the data's sensitivity, access must be revoked after five hours. Following Google's recommended practices, what is the best course of action?
A
Configure the storage bucket as a static website and provide the object's URL to the company, then delete the object after five hours.
B
Generate a signed URL with a five-hour expiration and share this URL with the partner.
C
Set the object's access to 'public', share the URL, and manually revert to private after five hours.
D
Create a new Cloud Storage bucket for the partner, copy the object there, and delete the bucket after five hours.