
Answer-first summary for fast verification
Answer: Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.
The correct answer is D because it addresses all requirements: (1) It avoids managing access to individual objects by using Uniform bucket-level access, which centralizes permissions at the bucket level via IAM; (2) It prevents uploaders from automatically having full control, as Uniform bucket-level access disables per-object ACLs (which grant OWNER permissions to uploaders by default); and (3) It supports Cloud Audit Logs for access management, as IAM integrates with audit logging. Options A and B are incorrect because they use ACLs with allUsers scope, which grants public access and does not prevent uploader control, and they require per-object management. Option C is incorrect because default bucket ACLs still rely on ACLs, which grant uploaders OWNER permissions and do not fully centralize control via IAM.
Author: LeetQuiz Editorial Team
You are the security administrator for your company. You have a Cloud Storage bucket containing 3,000 objects and do not want to manage access permissions for each object individually. You also want to prevent the uploader of an object from automatically having full control over it. Your requirement is to manage bucket access using Cloud Audit Logs. What should you do?
A. Set up an ACL with OWNER permission to a scope of allUsers.
B. Set up an ACL with READER permission to a scope of allUsers.
C. Set up a default bucket ACL and manage access for users using IAM.
D. Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.