Answer-first summary for fast verification
Answer: Avoid granting any Google Cloud IAM roles to users and utilize granular ACLs on the bucket.
The correct answer is **C** because it adheres to the principle of least privilege, significantly reducing the risk of unauthorized access to sensitive data. - **Option A** is incorrect due to the potential risk of URL leakage, which could allow unauthorized access to the data. - **Option B** is overly permissive, as users only need specific permissions to access the data, not read-only access to everything. - **Option D** is flawed because relying on randomized names and public access does not provide real security, a concept known as 'security through obscurity.' For more details, consult the [GCP documentation on Cloud Storage Access Control](https://cloud.google.com/storage/docs/access-control).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your customer is transitioning their storage solution to Google Cloud Storage (GCS), which includes personally identifiable information (PII) and sensitive customer data. What is the most secure strategy to implement in GCS for this scenario?
A
Generate time-bound access to objects using signed URLs.
B
Assign IAM read-only permissions to users and apply default ACLs on the bucket.
C
Avoid granting any Google Cloud IAM roles to users and utilize granular ACLs on the bucket.
D
Implement randomized names for buckets and objects, enable public access, and distribute specific file URLs to non-Google account holders requiring access.
No comments yet.