Google Cloud Professional Cloud Security Engineer — Question 266

You want to make sure that your organization's Cloud Storage buckets cannot have data publicly available to the internet. You want to enforce this across all
Cloud Storage buckets. What should you do?

Answer options

• A. Remove Owner roles from end users, and configure Cloud Data Loss Prevention.
• B. Remove Owner roles from end users, and enforce domain restricted sharing in an organization policy.
• C. Configure uniform bucket-level access, and enforce domain restricted sharing in an organization policy.
• D. Remove *.setIamPolicy permissions from all roles, and enforce domain restricted sharing in an organization policy.

Correct answer: C

Explanation

The correct answer is C because configuring uniform bucket-level access ensures that permissions are managed at the bucket level, preventing public access. The other options do not directly address the need for consistent access controls across all buckets or focus solely on role modifications without establishing the necessary access policies.