Google Cloud Professional Cloud Security Engineer — Question 263
You are the security admin of your company. You have 3,000 objects in your Cloud Storage bucket. You do not want to manage access to each object individually.
You also do not want the uploader of an object to always have full control of the object. However, you want to use Cloud Audit Logs to manage access to your bucket.
What should you do?
Answer options
- A. Set up an ACL with OWNER permission to a scope of allUsers.
- B. Set up an ACL with READER permission to a scope of allUsers.
- C. Set up a default bucket ACL and manage access for users using IAM.
- D. Set up Uniform bucket-level access on the Cloud Storage bucket and manage access for users using IAM.
Correct answer: D
Explanation
The correct choice is D because enabling Uniform bucket-level access simplifies permission management by applying IAM roles at the bucket level rather than to individual objects. Options A and B grant broad permissions to allUsers, which does not meet the requirement of limiting access. Option C, while it suggests using IAM, still involves managing individual object ACLs, which is not the desired approach.