PROFESSIONAL-CLOUD-DEVELOPER · Question #227
PROFESSIONAL-CLOUD-DEVELOPER Question #227: Real Exam Question with Answer & Explanation
The correct answer is D: Generate a signed URL that grants read access to the bucket. Allow users to access the URL. https://cloud.google.com/storage/docs/access-control/signed-urls#should-you-use In some scenarios, you might not want to require your users to have a Google account in order to access Cloud Storage, but you still want to control access using your application-specific logic. The t
Question
You are developing a web application that contains private images and videos stored in a Cloud Storage bucket. Your users are anonymous and do not have Google Accounts. You want to use your application-specific logic to control access to the images and videos. How should you configure access?
Options
- ACache each web application user's IP address to create a named IP table using Google Cloud
- BGrant the Storage Object Viewer IAM role to allUsers. Allow users to access the bucket after
- CConfigure Identity-Aware Proxy (IAP) to authenticate users into the web application. Allow users
- DGenerate a signed URL that grants read access to the bucket. Allow users to access the URL
Explanation
https://cloud.google.com/storage/docs/access-control/signed-urls#should-you-use In some scenarios, you might not want to require your users to have a Google account in order to access Cloud Storage, but you still want to control access using your application-specific logic. The typical way to address this use case is to provide a signed URL to a user, which gives the user read, write, or delete access to that resource for a limited time. You specify an expiration time when you create the signed URL. Anyone who knows the URL can access the resource until the expiration time for the URL is reached or the key used to sign the URL is rotated.
Topics
Community Discussion
No community discussion yet for this question.