Google Exam Professional-Cloud-Developer Topic 14 Question 92 Discussion

Actual exam question for Google's Professional Cloud Developer exam

Question #: 92
Topic #: 14

[All Professional Cloud Developer Questions]

Your team is creating a serverless web application on Cloud Run. The application needs to access images stored in a private Cloud Storage bucket. You want to give the application Identity and Access Management (IAM) permission to access the images in the bucket, while also securing the services using Google-recommended best practices What should you do?

AEnforce signed URLs for the desired bucket. Grant the Storage Object Viewer IAM role on the bucket to the Compute Engine default service account.

BEnforce public access prevention for the desired bucket. Grant the Storage Object Viewer IAM role on the bucket to the Compute Engine
default service account.

CEnforce signed URLs for the desired bucket Create and update the Cloud Run service to use a user -managed service account. Grant the Storage Object Viewer IAM role on the bucket to the service account

DEnforce public access prevention for the desired bucket.
Create and update the Cloud Run service to use a user-managed service account. Grant the Storage Object Viewer IAM role on the bucket to the service account.

Show Suggested Answer

Suggested Answer: B

by Lenora at Sep 15, 2024, 07:13 AM

Limited Time Offer

25%

27 days ago

Option C seems like the best approach to me. Using a user-managed service account and enforcing signed URLs is a great way to secure the access to the private bucket.

upvoted 0 times

Eun

10 days ago

Enforcing signed URLs is a good practice. It helps secure access to the private bucket.

upvoted 0 times

...

Hyman

13 days ago

Option C seems like the best approach. It's important to use a user-managed service account for security.

upvoted 0 times

...