Topic 1 Question 176
You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in your organization. Which solution should you implement proactively to achieve this goal with the least operational overhead?
Create an hourly cron job to run a Cloud Function that finds public buckets and makes them private.
Enable the constraints/storage.publicAccessPrevention constraint at the organization level.
Enable the constraints/storage.uniformBucketLevelAccess constraint at the organization level.
Create a VPC Service Controls perimeter that protects the storage.googleapis.com service in your projects that contains buckets. Add any new project that contains a bucket to the perimeter.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: B
B is the answer.
https://cloud.google.com/storage/docs/public-access-prevention Public access prevention protects Cloud Storage buckets and objects from being accidentally exposed to the public. If your bucket is contained within an organization, you can enforce public access prevention by using the organization policy constraint storage.publicAccessPrevention at the project, folder, or organization level.
👍 4zellck2022/09/25 Exam Question Dec 2022
👍 3TonytheTiger2022/12/07- 正解だと思う選択肢: B
B. https://cloud.google.com/storage/docs/org-policy-constraints "When you apply the publicAccessPrevention constraint on a resource, public access is restricted for all buckets and objects, both new and existing, under that resource."
👍 2Random_Mane2022/09/05
シャッフルモード