
Answer-first summary for fast verification
Answer: Configure uniform bucket-level access, and enforce domain restricted sharing in an organization policy.
Option C is correct because it combines two effective security controls: uniform bucket-level access (which disables legacy ACLs and ensures IAM policies are the only access control mechanism, preventing public internet access) and domain restricted sharing (which restricts sharing to specific domains, further preventing public access). Option A is insufficient as Cloud DLP focuses on data classification and protection, not access control. Option B is incomplete as removing Owner roles alone doesn't prevent public access through other means. Option D is overly restrictive and impractical, as removing *.setIamPolicy permissions would break legitimate IAM management functions across the organization. The community discussion shows unanimous support for C with upvoted comments referencing official Google documentation.
Author: LeetQuiz Editorial Team
You need to ensure that no Cloud Storage buckets in your organization can have data publicly accessible on the internet and want to enforce this for all buckets. What should you do?
A. Remove Owner roles from end users, and configure Cloud Data Loss Prevention.
B. Remove Owner roles from end users, and enforce domain restricted sharing in an organization policy.
C. Configure uniform bucket-level access, and enforce domain restricted sharing in an organization policy.
D. Remove *.setIamPolicy permissions from all roles, and enforce domain restricted sharing in an organization policy.