Google Cloud Professional Cloud Developer — Question 305

You are developing a secure document sharing platform. The platform allows users to share documents with other users who may be external to their organization. Access to these documents should be revoked after a configurable time period. The documents are stored in Cloud Storage. How should you configure Cloud Storage to support this functionality?

Answer options

• A. Create signed policy documents on the Cloud Storage bucket.
• B. Apply access control list (ACL) permissions to the Cloud Storage bucket.
• C. Generate a signed URL for each document the user wants to share.
• D. Grant the Storage Object Viewer IAM role to all authenticated users.

Correct answer: C

Explanation

The correct answer is C because generating a signed URL allows you to provide time-limited access to specific documents, which meets the requirement for revoking access after a configurable period. Option A, while useful for defining permissions, does not inherently support time-limited access. Option B only involves setting permissions and does not provide a mechanism for expiring access. Option D grants too broad access to all authenticated users without the ability to control access duration.