Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: 1. Change the bucket permissions to limit access. 2. Query the bucket's usage logs to report on unauthorized access to the data. 3. Enforce the organization policy storage.publicAccessPrevention to avoid regressions.

Option C is the most comprehensive and appropriate choice because it addresses all three critical aspects of incident response for public Cloud Storage buckets: immediate remediation by changing bucket permissions to limit access, investigation by querying bucket usage logs to assess the impact of unauthorized access, and prevention of future regressions by enforcing the storage.publicAccessPrevention organization policy. This aligns with Google Cloud security best practices and the community consensus, which highlights that usage logs are specifically designed to track access from public grants (allUsers/allAuthenticatedUsers), and the organization policy provides a proactive control to prevent similar misconfigurations. Option A lacks the specific storage.publicAccessPrevention policy, Option B's VPC Service Controls and administrator logs are less directly relevant to public bucket access, and Option D omits the preventive policy and suggests muting the finding, which is not a security best practice.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your organization has the Security Command Center (SCC) Premium tier activated. Several Cloud Storage buckets were inadvertently configured with public access. You need to investigate the impact of this misconfiguration and remediate it.

What should you do?

Exam-Like

Remove the Identity and Access Management (IAM) granting access to all Users from the buckets.
Apply the organization policy storage.uniformBucketLevelAccess to prevent regressions.
Query the data access logs to report on unauthorized access.

50.0%

Change permissions to limit access for authorized users.
Enforce a VPC Service Controls perimeter around all the production projects to immediately stop any unauthorized access.
Review the administrator activity audit logs to report on any unauthorized access.

0.0%

Change the bucket permissions to limit access.
Query the bucket's usage logs to report on unauthorized access to the data.
Enforce the organization policy storage.publicAccessPrevention to avoid regressions.

50.0%

Change bucket permissions to limit access.
Query the data access audit logs for any unauthorized access to the buckets.
After the misconfiguration is corrected, mute the finding in the Security Command Center.

Google Professional Cloud Security Engineer

Get started today

Quick Answer

Quick Answer

Comments (0)

Get started today

Your organization has the Security Command Center (SCC) Premium tier activated. Several Cloud Storage buckets were inadvertently configured with public access. You need to investigate the impact of this misconfiguration and remediate it. What should you do?

Comments (0)

Your organization has the Security Command Center (SCC) Premium tier activated. Several Cloud Storage buckets were inadvertently configured with public access. You need to investigate the impact of this misconfiguration and remediate it.

What should you do?