Google Associate Cloud Engineer

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

You need to share a Cloud Storage object with an external user for 4 hours only. Best solution?

Simulated

Community

RRodrigo

Last updated: January 24, 2026 at 15:46

Make bucket public temporarily

Signed URL with expiration

Create a Google account

Use VPC Service Controls

Explanation:

Explanation

Correct Answer: B) Signed URL with expiration

Why this is the best solution:

Time-limited access: Signed URLs can be configured with a specific expiration time (4 hours in this case), after which the URL becomes invalid.
Secure sharing: The object remains private in the bucket - only users with the signed URL can access it.
No authentication required: External users don't need Google accounts to access the object.
No bucket policy changes: The bucket remains private, maintaining security.

Why other options are incorrect:

A) Make bucket public temporarily: This is insecure as it exposes the entire bucket to the public internet, not just the specific object for the specific user.
C) Create a Google account: This is unnecessary overhead for temporary access and requires the external user to have/manage a Google account.
D) Use VPC Service Controls: This is for network perimeter security and doesn't address temporary object sharing with external users.

How to implement:

# Generate a signed URL with 4-hour expiration
gsutil signurl -d 4h key.json gs://bucket-name/object-name

# Generate a signed URL with 4-hour expiration
gsutil signurl -d 4h key.json gs://bucket-name/object-name

This approach provides the precise, time-limited, secure access required for the scenario.

Powered ByGPT-5.2

Loading comments...