Topic 1 Question 208
Your organization recently activated the Security Command Center (SCC) standard tier. There are a few Cloud Storage buckets that were accidentally made accessible to the public. You need to investigate the impact of the incident and remediate it.
What should you do?
- Remove the Identity and Access Management (IAM) granting access to all Users from the buckets.
- Apply the organization policy storage.uniformBucketLevelAccess to prevent regressions.
- Query the data access logs to report on unauthorized access.
- Change permissions to limit access for authorized users.
- Enforce a VPC Service Controls perimeter around all the production projects to immediately stop any unauthorized access.
- Review the administrator activity audit logs to report on any unauthorized access.
- Change the bucket permissions to limit access.
- Query the bucket's usage logs to report on unauthorized access to the data.
- Enforce the organization policy storage.publicAccessPrevention to avoid regressions.
- Change bucket permissions to limit access.
- Query the data access audit logs for any unauthorized access to the buckets.
- After the misconfiguration is corrected, mute the finding in the Security Command Center.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
C - usage logs to track access that occurs because a resource has allUsers or allAuthenticatedUsers - https://cloud.google.com/storage/docs/access-logs#should-you-use and the constraint - https://cloud.google.com/storage/docs/org-policy-constraints#public-access-prevention
👍 4pfilourenco2023/08/04 - 正解だと思う選択肢: C
C - is correct
👍 2akg0012023/08/13 - 正解だと思う選択肢: C
Here's why option C is the most appropriate choice:
Change Bucket Permissions to Limit Access: The first step is to immediately change the bucket permissions to limit access and revoke public access. This is crucial for preventing further unauthorized access to the data stored in the Cloud Storage buckets.
Query Bucket's Usage Logs: Querying the bucket's usage logs allows you to investigate the impact of the incident by identifying any unauthorized access or suspicious activity. You can use these logs to assess the extent of the breach and gather information about which objects or data were accessed.
Enforce storage.publicAccessPrevention: To prevent similar incidents from happening in the future, you should enforce the organization policy storage.publicAccessPrevention. This policy helps ensure that public access is prevented at the organizational level, reducing the risk of accidental misconfigurations.
👍 2Xoxoo2023/09/18
シャッフルモード