Google Professional Cloud Security Engineer

Get started today

Ultimate access to all questions.

Explanation:

The question requires a permanent retention policy for record data in Cloud Storage for at least seven years. Option D is correct because it includes: (1) identifying buckets with record data, (2) applying a retention policy set to seven years, and (3) enabling bucket lock. Bucket lock makes the retention policy immutable and permanent, which aligns with the requirement. Option A is insufficient as it relies on monitoring, which does not enforce permanence. Option B is incorrect because removing IAM roles does not prevent policy changes if other roles exist and does not ensure permanence. Option C is flawed as 'bucket policy only' is unrelated to retention, and enabling bucket lock without first setting a retention policy is incomplete. The community discussion unanimously supports D, citing Google's documentation on bucket lock for enforcing immutable retention policies.

Explanation:

Comments (0)

No comments yet.

Your organization's data is stored in Cloud Storage and must be retained for a minimum of seven years with a permanent, unchangeable policy. What should you do?

Exam-Like

Identify buckets with record data.
Apply a retention policy, and set it to retain for seven years.
Monitor the bucket by using log-based alerts to ensure that no modifications to the retention policy occurs.

0.0%

Identify buckets with record data.
Apply a retention policy, and set it to retain for seven years.
Remove any Identity and Access Management (IAM) roles that contain the storage buckets update permission.

0.0%

Identify buckets with record data.
Enable the bucket policy only to ensure that data is retained.
Enable bucket lock.

Identify buckets with record data.
Apply a retention policy and set it to retain for seven years.
Enable bucket lock.

100.0%