Google Exam Professional-Cloud-Security-Engineer Topic 2 Question 60 Discussion

Actual exam question for Google's Professional Cloud Security Engineer exam

Question #: 60
Topic #: 2

[All Professional Cloud Security Engineer Questions]

You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?

ACreate an hourly cron job to run a Cloud Function that finds public buckets and makes them private.

BEnable the constraints/storage.publicAccessPrevention constraint at the organization level.

CEnable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.

DCreate a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.

Show Suggested Answer

Suggested Answer: B

https://cloud.google.com/storage/docs/public-access-prevention

Public access prevention protects Cloud Storage buckets and objects from being accidentally exposed to the public. If your bucket is contained within an organization, you can enforce public access prevention by using the organization policy constraint storage.publicAccessPrevention at the project, folder, or organization level.

by Felix at Feb 05, 2023, 03:14 AM

Limited Time Offer

25%

Off

Get Premium Professional-Cloud-Security-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!