Google Cloud Professional Cloud Architect — Question 142

You are working at a financial institution that stores mortgage loan approval documents on Cloud Storage. Any change to these approval documents must be uploaded as a separate approval file, so you want to ensure that these documents cannot be deleted or overwritten for the next 5 years. What should you do?

Answer options

• A. Create a retention policy on the bucket for the duration of 5 years. Create a lock on the retention policy.
• B. Create the bucket with uniform bucket-level access, and grant a service account the role of Object Writer. Use the service account to upload new files.
• C. Use a customer-managed key for the encryption of the bucket. Rotate the key after 5 years.
• D. Create the bucket with fine-grained access control, and grant a service account the role of Object Writer. Use the service account to upload new files.

Correct answer: A

Explanation

The correct answer is A because implementing a retention policy with a lock ensures that the documents cannot be deleted or modified for the specified duration. Options B and D focus on access control, which does not prevent deletion or modification of existing files. Option C relates to encryption management, which does not address the retention requirement.