Exam: Cloud Digital Leader 0 Likes
Only employees who are based in Canada should be allowed to view the (Digital Leader)
Your organization needs to restrict access to a Cloud Storage bucket. Only employees who are based in Canada should be allowed to view the contents.
What is the most effective and efficient way to satisfy this requirement?
A) Deploy the Cloud Storage bucket to a Google Cloud region in Canada.
B) Configure Google Cloud Armor to allow access to the bucket only from IP addresses based in Canada.
C) Give each employee who is based in Canada access to the bucket.
D) Create a group consisting of all Canada-based employees, and give the group access to the bucket.
Solution
Correct answer: D) Create a group consisting of all Canada-based employees, and give the group access to the bucket.
This method ensures manageability and scalability. By creating a group specifically for Canada-based employees and granting access to the bucket to that group, you can easily manage access control by adding or removing employees from the group as needed. This approach aligns well with organizational structure and simplifies access management in the long run.
Question is tricky, but it says "based" in Canada. That is not the same as restricting access to "from Canada". An employee can for instance be based in Canada, but access the services while on business trip to Singapore.
Category: Google Cloud security and operations