Google Cloud Professional Cloud Security Engineer — Question 131
Your organization recently activated the Security Command Center (SCC) standard tier. There are a few Cloud Storage buckets that were accidentally made accessible to the public. You need to investigate the impact of the incident and remediate it.
What should you do?
Answer options
- A. 1. Remove the Identity and Access Management (IAM) granting access to all Users from the buckets. 2. Apply the organization policy storage.uniformBucketLevelAccess to prevent regressions. 3. Query the data access logs to report on unauthorized access.
- B. 1. Change permissions to limit access for authorized users. 2. Enforce a VPC Service Controls perimeter around all the production projects to immediately stop any unauthorized access. 3. Review the administrator activity audit logs to report on any unauthorized access.
- C. 1. Change the bucket permissions to limit access. 2. Query the bucket's usage logs to report on unauthorized access to the data. 3. Enforce the organization policy storage.publicAccessPrevention to avoid regressions.
- D. 1. Change bucket permissions to limit access. 2. Query the data access audit logs for any unauthorized access to the buckets. 3. After the misconfiguration is corrected, mute the finding in the Security Command Center.
Correct answer: C
Explanation
Option C is correct because it addresses both the immediate need to limit access and the prevention of future issues by enforcing the storage.publicAccessPrevention organization policy. Options A and B do not fully prevent future regressions, while Option D lacks the proactive measure of enforcing public access prevention.