Google Cloud Professional Cloud Security Engineer — Question 129

Your organization's record data exists in Cloud Storage. You must retain all record data for at least seven years. This policy must be permanent.

What should you do?

Answer options

• A. 1. Identify buckets with record data. 2. Apply a retention policy, and set it to retain for seven years. 3. Monitor the bucket by using log-based alerts to ensure that no modifications to the retention policy occurs.
• B. 1. Identify buckets with record data. 2. Apply a retention policy, and set it to retain for seven years. 3. Remove any Identity and Access Management (IAM) roles that contain the storage buckets update permission.
• C. 1. Identify buckets with record data. 2. Enable the bucket policy only to ensure that data is retained. 3. Enable bucket lock.
• D. 1. Identify buckets with record data. 2. Apply a retention policy and set it to retain for seven years. 3. Enable bucket lock.

Correct answer: D

Explanation

The correct answer is D because it includes applying a retention policy and enabling bucket lock, which ensures that the data cannot be modified or deleted for the specified retention period. Options A and B do not provide the necessary guarantee of data immutability after setting a retention policy, while option C lacks the application of a retention policy, making it insufficient for permanent data retention.