How can you ensure this?

An organization has had a data leak scare because one employee made a sensitive Cloud Storage bucket available to the public. Given the nature of the company’s business, it is understood that there is never any reason to give the public direct access to any file. The security head wants to ensure that such an event never occurs again.

How can you ensure this?
A . Remove Edit access rights of all Cloud Storage buckets so that no user can make any edits.
B. Set an organizational policy constraint to restrict bucket access set to the public.
C. Use Cloud Scheduler to run a job at a specified interval to scan buckets. Any public permissions can be programmatically changed.
D. Write Cloud Functions code connected to Cloud Storage. Any changes will be notified to
the function which can be used to reset the public access.

Answer: B

Explanation:

The straightforward way to set it is using Organizational Policy constraint. Any attempts to change the organizational setting will be rejected for any project and resource.

Graphical user interface, text, application, email

Description automatically generated

References link:

-> https://cloud.google.com/resource-manager/docs/organization-policy/overview -> https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments