Google Cloud Associate Cloud Engineer — Question 29

You have an object in a Cloud Storage bucket that you want to share with an external company. The object contains sensitive data. You want access to the content to be removed after four hours. The external company does not have a Google account to which you can grant specific user-based access privileges. You want to use the most secure method that requires the fewest steps. What should you do?

Answer options

• A. Create a signed URL with a four-hour expiration and share the URL with the company.
• B. Set object access to 'public' and use object lifecycle management to remove the object after four hours.
• C. Configure the storage bucket as a static website and furnish the object's URL to the company. Delete the object from the storage bucket after four hours.
• D. Create a new Cloud Storage bucket specifically for the external company to access. Copy the object to that bucket. Delete the bucket after four hours have passed.

Correct answer: A

Explanation

The correct answer is A because creating a signed URL allows you to securely share access to the object for a limited time without requiring the external company to have a Google account. Option B compromises security by making the object public, while C and D involve unnecessary complexity and do not leverage the secure time-limited sharing that a signed URL provides.