Q: 5
You have an object in a Cloud Storage bucket that you want to share with an external company. The
object contains sensitive dat
a. You want access to the content to be removed after four hours. The external company does not
have a Google account to which you can grant specific user-based access privileges. You want to use
the most secure method that requires the fewest steps. What should you do?
Options
Discussion
Option A works best since a signed URL allows secure, temporary access without needing a Google account and auto-expires after 4 hours. The other options either make data public or add unnecessary steps. I think A is the most direct and secure here, but open to other views if missed something.
Option A is the way to go. Creating a signed URL with a 4-hour expiration is secure and quick, and no Google account needed for access. I saw similar scenarios in official practice sets. If you want to double-check, the GCP official documentation covers signed URLs pretty well. Pretty sure A matches best here.
C or A, but C exposes the object publicly (even if deleted after), which isn't secure for sensitive data. A signed URL in Option A is built for temporary, safe sharing. I'd pick A here unless I'm missing something.
A. Seen similar on practice tests, signed URL is usually what they want for secure, time-limited access when there's no Google account.
C
C tbh, if you actually delete the object after 4 hours then access is revoked anyway. But if cache is involved, maybe it's still accessible for a bit. It's nitpicky but that's why I picked C.
Actually, C seems more straightforward. Just set up the static website and give them the object's URL, then delete after four hours to cut access. Pretty sure this works, unless there's a hidden catch about security here.
No, I don't think C is the best fit. A signed URL (A) is made for this exact use case-temporary, secure access without needing a Google account, and it auto-expires. C exposes the file more broadly and takes extra steps. Pretty sure A is right here, unless I'm missing a catch.
C since deleting the object after four hours seems to meet the access removal part too.
D . Had something like this in a mock, but I'm still going with A since signed URLs expire by themselves and don't need extra deletions or bucket changes. D is more steps and kinda overkill unless you absolutely want to delete the data. Anyone disagree?
Be respectful. No spam.
