Topic 1 Question 39
Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are based in Canada should be allowed to view the contents. What is the most effective and efficient way to satisfy this requirement?
Deploy the Cloud Storage bucket to a Google Cloud region in Canada
Configure Google Cloud Armor to allow access to the bucket only from IP addresses based in Canada
Give each employee who is based in Canada access to the bucket
Create a group consisting of all Canada-based employees, and give the group access to the bucket
ユーザの投票
コメント(17)
- 正解だと思う選択肢: D
Correct answer is D. Question is tricky, but it says "based" in Canada. That is not the same as restricting access to "from Canada". An employee can for instance be based in Canada, but access the services while on business trip to Singapore.
👍 24Halimb2022/01/26 - 正解だと思う選択肢: D
D is the answer.
https://cloud.google.com/storage/docs/collaboration#group In this scenario, you want to make objects available to specific users, such as users invited to try out new software. In addition, you want to invite many users, but you do not want to set permission for each user individually. At the same time, you don't want to make the objects publicly readable and send invited customers links to access the objects, because there is a risk the links may be sent to users who are not invited.
One way to handle this scenario is through the use of Google Groups. You can create a group and add only invited users to the group. Then, you can give the group as a whole access to the objects.
👍 2zellck2022/12/19 - 正解だと思う選択肢: B
Cloud Armor can help to control access from specific IP / Region
👍 2MGSS2022/12/26
シャッフルモード