Google Cloud Digital Leader — Question 18

Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are based in Canada should be allowed to view the contents.
What is the most effective and efficient way to satisfy this requirement?

Answer options

• A. Deploy the Cloud Storage bucket to a Google Cloud region in Canada
• B. Configure Google Cloud Armor to allow access to the bucket only from IP addresses based in Canada
• C. Give each employee who is based in Canada access to the bucket
• D. Create a group consisting of all Canada-based employees, and give the group access to the bucket

Correct answer: D

Explanation

The correct answer is D because creating a group of all Canada-based employees allows for centralized management of access permissions, making it efficient to update access as needed. Option A does not restrict access based on employee location; it only moves the data. Option B is overly complex and may not catch all scenarios, while option C is impractical for managing access on an individual basis.