
Answer-first summary for fast verification
Answer: Enable the constraints/storage.publicAccessPrevention constraint at the organization level.
Option B is the correct answer because it directly addresses the requirement to prevent users from making bucket objects publicly accessible with minimal operational overhead. The storage.publicAccessPrevention organization policy constraint proactively prevents any public access to Cloud Storage buckets and objects across the entire organization, applying to both existing and future buckets. This requires a one-time configuration at the organization level, eliminating the need for ongoing maintenance. Option A creates operational overhead through hourly cron jobs and manual remediation. Option C (uniformBucketLevelAccess) manages access control but doesn't specifically prevent public exposure. Option D (VPC Service Controls) focuses on service perimeter security rather than preventing public bucket access specifically.
Author: LeetQuiz Editorial Team
You need to enforce a security policy in your Google Cloud organization that prevents users from making bucket objects publicly accessible. No buckets currently exist in the organization. Which solution should you proactively implement to achieve this goal with minimal operational overhead?
A. Create an hourly cron job to run a Cloud Function that finds public buckets and makes them private.
B. Enable the constraints/storage.publicAccessPrevention constraint at the organization level.
C. Enable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.
D. Create a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contain buckets. Add any new project that contains a bucket to the perimeter.