Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Security Engineer Exam - Topic 2 Question 53 Discussion

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?
B) Enable the constraints/storage.publicAccessPrevention constraint at the organization level.
A) Create an hourly cron job to run a Cloud Function that finds public buckets and makes them private.
C) Enable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.
D) Create a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.

Google Professional Cloud Security Engineer Exam - Topic 2 Question 53 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam
Question #: 53
Topic #: 2
[All Professional Cloud Security Engineer Questions]

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Rickie at Sep 18, 2022, 01:22 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mitsue
7 months ago
Not sure about D, seems like overkill for no buckets yet.
upvoted 0 times
...
Laila
7 months ago
Wait, can we really prevent public access at the org level?
upvoted 0 times
...
Luisa
7 months ago
Totally agree with B, less overhead for sure!
upvoted 0 times
...
Daniel
8 months ago
I think A sounds easier, but it’s not really proactive.
upvoted 0 times
...
Cherri
8 months ago
Option B is the best choice for proactive security!
upvoted 0 times
...
Curtis
8 months ago
I recall VPC Service Controls being useful, but it seems more complex than necessary for just preventing public access. Option D might be overkill for this scenario.
upvoted 0 times
...
Shenika
8 months ago
I practiced a similar question, and I feel like using a cron job like in option A would be too reactive. We need something proactive, right?
upvoted 0 times
...
Tarra
8 months ago
I'm not entirely sure, but I remember something about uniform bucket-level access being important for managing permissions. Maybe option C could be relevant too?
upvoted 0 times
...
Amira
8 months ago
I think option B sounds right because it directly prevents public access at the organization level, which seems the most efficient.
upvoted 0 times
...
Sarah
8 months ago
I've got a strategy - I'll eliminate the options I'm sure are wrong first, then decide between the remaining ones.
upvoted 0 times
...
Kate
8 months ago
I've got a good feeling about this one. FILESYSTEMIO_OPTIONS and TAPE_ASYNCH_IO seem like they could be relevant initialization parameters for backup and recovery.
upvoted 0 times
...
Gail
8 months ago
I'm a little confused by the different ways the code is accessing the best model. I'll need to double-check the documentation on the AutoMLConfig class to make sure I understand the correct way to retrieve the best model.
upvoted 0 times
...

Save Cancel