Google Professional Cloud Security Engineer Exam - Topic 2 Question 53 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 53
Topic #: 2

[All Professional Cloud Security Engineer Questions]

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?

ACreate an hourly cron job to run a Cloud Function that finds public buckets and makes them private.

BEnable the constraints/storage.publicAccessPrevention constraint at the organization level.

CEnable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.

DCreate a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.

Show Suggested Answer

Suggested Answer: B

by Rickie at Sep 18, 2022, 01:22 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Security Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mitsue

4 months ago

Not sure about D, seems like overkill for no buckets yet.

upvoted 0 times

...

Laila

4 months ago

Wait, can we really prevent public access at the org level?

upvoted 0 times

...

Luisa

4 months ago

Totally agree with B, less overhead for sure!

upvoted 0 times

...

Daniel

4 months ago

I think A sounds easier, but it’s not really proactive.

upvoted 0 times

...

Cherri

4 months ago

Option B is the best choice for proactive security!

upvoted 0 times

...

Curtis

5 months ago

I recall VPC Service Controls being useful, but it seems more complex than necessary for just preventing public access. Option D might be overkill for this scenario.

upvoted 0 times

...

Shenika

5 months ago

I practiced a similar question, and I feel like using a cron job like in option A would be too reactive. We need something proactive, right?

upvoted 0 times

...

Tarra

5 months ago

I'm not entirely sure, but I remember something about uniform bucket-level access being important for managing permissions. Maybe option C could be relevant too?

upvoted 0 times

...

Amira

5 months ago

I think option B sounds right because it directly prevents public access at the organization level, which seems the most efficient.

upvoted 0 times

...

Sarah

5 months ago

I've got a strategy - I'll eliminate the options I'm sure are wrong first, then decide between the remaining ones.

upvoted 0 times

...

Kate

5 months ago

I've got a good feeling about this one. FILESYSTEMIO_OPTIONS and TAPE_ASYNCH_IO seem like they could be relevant initialization parameters for backup and recovery.

upvoted 0 times

...

Gail

5 months ago

I'm a little confused by the different ways the code is accessing the best model. I'll need to double-check the documentation on the AutoMLConfig class to make sure I understand the correct way to retrieve the best model.

upvoted 0 times

...