PROFESSIONAL-CLOUD-ARCHITECT · Question #362
PROFESSIONAL-CLOUD-ARCHITECT Question #362: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-ARCHITECT to reveal the answer and full explanation for question #362. The question stem and answer options stay visible for context.
Question
Your company has hired an external auditing firm to perform a compliance audit. Your company's governance policy requires that external auditors be managed in a single Google Group that is granted temporary, read-only access to a Cloud Storage bucket named audit-evidence-bucket. Access must be traceable to the individual auditor's identity and be active only for the duration of the audit engagement, which runs the entire month of October. You need a secure access control strategy that avoids administrative overhead and complies with your company's governance policy. What should you do?
Options
- AApply an IAM policy binding that grants the roles/storage.objectViewer role to the Google Group.
- BCreate a service account, and grant it the roles/storage.objectViewer role on the bucket.
- CUse Cloud Scheduler to run a Cloud Run functions script that adds the IAM binding of
- DUse Workforce Identity Federation to map the auditors' group to the Google Group. Bind the
Unlock PROFESSIONAL-CLOUD-ARCHITECT to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-ARCHITECT questions. Unlock PROFESSIONAL-CLOUD-ARCHITECT for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.