Exam Associate Cloud Engineer topic 1 question 29 discussion

A. Signed URLs are used to give time-limited resource access to anyone in possession of the URL, regardless of whether they have a Google account. https://cloud.google.com/storage/docs/access-control/signed-urls

A is correct

A. Signed URL. this creates credentials to access the file for a time period. You are then completely responsible to distribute the URL to whom needs its. Not advisable for most usecases. Howerver it is the correct answer to this question. This will fail most corporate security assessments.

Based on Google best practice and Doc, Signed URLs give time-limited access to a specific Cloud Storage resource. Anyone in possession of the signed URL can use it while it's active, regardless of whether they have a Google account or not.

Signed URLs give time-limited access to a specific Cloud Storage resource. Anyone in possession of the signed URL can use it while it's active, regardless of whether they have a Google account.

Option A

signed URL for timed access

The correct answer is A To do this, follow these steps: 1 Go to the Google Cloud Console 2 Click on the Storage menu 3 Click on the Browser tab 4 Click on the name of the bucket containing the object that you want to share 5 Click on the name of the object that you want to share 6 Click on the Create signed URL button 7 In the Expires field, enter 4 8 Click on the Create button The company will be able to access the object using the signed URL for four hours. After four hours, the signed URL will expire and the company will no longer be able to access the object. The other options are not as secure or efficient: B not as secure because it makes the object accessible to anyone who has the URL of the object C requires you to configure the storage bucket as a static website and to delete the object after four hours D requires you to create a new Cloud Storage bucket and to copy the object to that bucket https://cloud.google.com/storage/docs/access-control/signed-urls

A seems more legit

A. This page provides an overview of signed URLs, which give time-limited access to a specific Cloud Storage resource. Anyone in possession of the signed URL can use it while it's active, regardless of whether they have a Google account

A is correct

Answer A is correct. Creating a signed URL with a short expiration time is a secure way to share objects in a Cloud Storage bucket with an external party, especially when the external company does not have a Google account. Answer B is incorrect because setting object access to 'public' could potentially expose sensitive data to anyone who knows the object URL. Answer C is incorrect because configuring the storage bucket as a static website would make the entire bucket contents available publicly, which is not secure. Answer D is incorrect because creating a new Cloud Storage bucket for the external company to access, and then deleting the bucket after four hours, is a cumbersome and unnecessary approach. It also adds additional complexity to your environment.

A minimal... B C D too much steps

A. Signed URL for a certain period of time.

A. signed URL

A is correct

Answer is A