Google Cloud Professional Cloud Developer — Question 167

You are developing a web application that contains private images and videos stored in a Cloud Storage bucket. Your users are anonymous and do not have Google Accounts. You want to use your application-specific logic to control access to the images and videos. How should you configure access?

Answer options

• A. Cache each web application user's IP address to create a named IP table using Google Cloud Armor. Create a Google Cloud Armor security policy that allows users to access the backend bucket.
• B. Grant the Storage Object Viewer IAM role to allUsers. Allow users to access the bucket after authenticating through your web application.
• C. Configure Identity-Aware Proxy (IAP) to authenticate users into the web application. Allow users to access the bucket after authenticating through IAP.
• D. Generate a signed URL that grants read access to the bucket. Allow users to access the URL after authenticating through your web application.

Correct answer: D

Explanation

The correct answer is D because generating a signed URL allows you to grant temporary access to the private images and videos without requiring Google Accounts. The other options either grant broader access than intended or rely on methods that require user authentication, which is not suitable for anonymous users.