Answer: Assign predefined IAM roles to the Google Groups you created in order to enforce security requirements. Utilize Google's default encryption at rest when storing files in Cloud Storage.

The question emphasizes using Google best practices and the simplest design. For IAM, Google recommends predefined roles over custom roles unless specific granular permissions are needed, as predefined roles are maintained by Google and follow the principle of least privilege by default. Custom roles require ongoing management and are not automatically updated. For encryption, Google's default encryption at rest (AES-256) is enabled automatically for Cloud Storage, meeting security requirements without additional configuration, aligning with the 'simplest design' directive. Options A and B suggest custom IAM roles, which are more complex to manage. Option D mentions setting a default Cloud KMS key, which adds unnecessary complexity since default encryption is already provided. The community discussion shows a strong consensus (75% for C) that predefined roles and default encryption are the simplest and most aligned with Google best practices, as highlighted in comments emphasizing 'simplest design' and references to Google documentation.

Author: LeetQuiz Editorial Team